Network configuration Configuring VLANs
FortiGate-400 Installation and Configuration Guide 139
3 Add a default gateway IP address if the FortiGate unit must connect to a default
gateway to reach the management computer.
4 Select the management Access methods for each interface.
5 Select Apply to save your changes.
Configuring VLANs
Using Virtual LAN (VLAN) technology, a single FortiGate unit can provide security
services and control connections between multiple security domains. Traffic from each
security domain is given a different VLAN ID. The FortiGate unit can recognize VLAN
IDs and apply security policies to secure network and IPSec VPN traffic between
security domains. The FortiGate unit can also apply authentication, content filtering,
and antivirus protection for network and VPN traffic that is allowed to pass between
security domains.
This section describes a basic VLAN network configuration, provides an overview of
what is required to configure the FortiGate unit to support VLANs, and describes how
to add VLAN subinterfaces. VLAN subinterfaces function like any FortiGate interface.
You can add firewall addresses for a VLAN subinterface to add it to the policy grid.
You can also add VLAN subinterfaces to zones.
VLAN support is available when the FortiGate unit is operating in NAT/Route mode.
This section describes:
• VLAN network configuration
• Adding VLAN subinterfaces
VLAN network configuration
Fortigate units support IEEE 802.1Q-compliant VLAN tags. A VLAN tag is a series of
added bits in the ethernet frame header that indicates membership in a particular
VLAN.
The FortiGate unit does not add or change VLAN tags. However, you can configure it
to separate VLAN-tagged packets and apply policies to control how they connect
through the firewall.
HTTPS To allow secure HTTPS connections to the web-based manager through this
interface.
PING If you want this interface to respond to pings. Use this setting to verify your
installation and for testing.
SSH To allow secure SSH connections to the CLI through this interface.
SNMP To allow a remote SNMP manager to request SNMP information by connecting to
this interface. See “Configuring SNMP” on page 162.
