Skip to main content
Configure VLAN
Last update:

Configure VLAN

Virtual Local Area Networks (VLANs) allow you to segment your network, maximize performance, and provide additional network security.

To create two virtual networks with access to each other and to the Internet:

  1. Create interfaces.
  2. Customize the security policy.

Create interfaces

  1. Click on the tab Network → Interfaces.
  2. Specify a name for the new interface.
  3. For the parameter Type Select the VLAN value.
  4. Set the network identifier in the field VLAN ID.
  5. Select for parameter Role LAN value.
  6. In the field IP/Netmask Set the network address and mask.
  7. Add addresses for the created VLANs. To do this, go to Policy & ObjectsAddresses.
  8. Create a new address and specify its name and IP address. In recent versions of FortiOS firmware, these addresses are created automatically when VLAN interfaces are created.

Customize the security policy

Create two policies for VLAN subnets to access each other. In these policies, make sure that NAT is enabled.

  1. Go to the section Policy & ObjectsIPv4 Policy and create a new policy.
  2. As. Incoming Interface Select the interface of the first VLAN, and as the Outgoing Interface — interface of the second VLAN.
  3. As. Source Select the address of the first VLAN as Destination — address of the second VLAN.
  4. Make sure that NAT is turned off.
  5. Create a second policy, but swap the VLANs.
  6. Create two policies for each VLAN subnet for Internet access similar to the previous ones, but as a Outgoing Interface select the external interface.