Inter-VLAN Routing in FortiGate Firewall & Cisco Router
Inter-VLAN Configuration in FortiGate Firewall: -
Note: Configuring VLAN interfaces under the local LAN interface of the firewall (here I have configured three VLAN interfaces, i.e., DATA, MGMT_VLAN and VOICE_VLAN).
Step 1: Firstly, I have created a DATA VLAN interface with the static IP 192.168.1.1/29. Here I have enabled only Ping for administrative access, so that the Data users cannot manage the firewall through SSH or the web GUI. I have also enabled an address object matching the interface subnet, so that I can use it in the Source and Destination address fields of the policies.
Step 2: Enabling the DHCP server for the Data VLAN users with the default settings (here I have changed the DNS server to Google DNS, i.e., 8.8.8.8).
Step 3: Secondly, I have created a VOICE VLAN interface with the static IP 192.168.1.9/29. Here I have enabled only Ping, since the Voice users are not required to manage the firewall through SSH or the web GUI. I have also enabled an address object matching the interface subnet, so that I can use it in the Source and Destination address fields of the policies.
Step 4: Enabling the DHCP server for the Voice VLAN users with the default settings (here I have changed the DNS server to Google DNS, i.e., 8.8.8.8).
Step 5: Thirdly, I have created a MGMT VLAN interface (the Management VLAN) with the static IP 192.168.1.17/29. Here I have enabled only HTTPS and Ping, so that the MGMT users can manage the firewall through the web GUI. I have also enabled an address object matching the interface subnet, so that I can use it in the Source and Destination address fields of the policies.
Note: Configuring the policies for each of the VLANs, i.e., DATA, VOICE and MGMT. In total I have created five policies. For two of them I had to disable NAT, as those two are the inter-VLAN routing policies, i.e., “DATA_TO_VOICE” and “VOICE_TO_DATA”; for the others I have enabled NAT, as those allow the VLAN users to reach the Internet. There are no policies from MGMT to DATA or from MGMT to VOICE, as we are keeping them separate: with no matching policy, that traffic is dropped by the implicit deny and they cannot talk to each other.
Step 7: Configuring the policy for Data to Voice users (here I have chosen Source as the DATA address and Destination as the VOICE address, Action is “accept”, Service is “all”, and finally the “Enable this policy” switch is turned on).
Step 8: Configuring the policy for Voice to Data users (here I have chosen Source as the VOICE address and Destination as the DATA address, Action is “accept”, Service is “all”, and finally the “Enable this policy” switch is turned on).
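The GUI steps above expressed as one FortiOS CLI configuration. This is an added example, not the author's own configuration or an export from the lab: the parent LAN port name "port2", the WAN port name "wan1" and the VLAN IDs 10, 20 and 30 are assumptions (the page does not give them), and the DHCP pool range is constructed from the /29 subnet. Only the DATA DHCP server and the DATA-to-Internet policy are written out; the VOICE DHCP server and the remaining Internet policies follow the same pattern.

```fortios
# Added example, not the page's own config. Assumed names: parent port "port2",
# WAN port "wan1", VLAN IDs 10/20/30. IPs and policy names are from the page.
config system interface
    edit "DATA"
        set vdom "root"
        set ip 192.168.1.1 255.255.255.248
        set allowaccess ping
        set role lan
        set interface "port2"
        set vlanid 10
    next
    edit "VOICE_VLAN"
        set vdom "root"
        set ip 192.168.1.9 255.255.255.248
        set allowaccess ping
        set role lan
        set interface "port2"
        set vlanid 20
    next
    edit "MGMT_VLAN"
        set vdom "root"
        set ip 192.168.1.17 255.255.255.248
        set allowaccess ping https
        set role lan
        set interface "port2"
        set vlanid 30
    next
end
# DHCP for the DATA VLAN; pool is the usable hosts of 192.168.1.0/29 (constructed)
config system dhcp server
    edit 1
        set interface "DATA"
        set default-gateway 192.168.1.1
        set netmask 255.255.255.248
        set dns-service specify
        set dns-server1 8.8.8.8
        config ip-range
            edit 1
                set start-ip 192.168.1.2
                set end-ip 192.168.1.6
            next
        end
    next
end
# Address objects matching the interface subnets
config firewall address
    edit "DATA address"
        set subnet 192.168.1.0 255.255.255.248
    next
    edit "VOICE address"
        set subnet 192.168.1.8 255.255.255.248
    next
end
# Inter-VLAN policies with NAT off; Internet policy with NAT on
config firewall policy
    edit 1
        set name "DATA_TO_VOICE"
        set srcintf "DATA"
        set dstintf "VOICE_VLAN"
        set srcaddr "DATA address"
        set dstaddr "VOICE address"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
    edit 2
        set name "VOICE_TO_DATA"
        set srcintf "VOICE_VLAN"
        set dstintf "DATA"
        set srcaddr "VOICE address"
        set dstaddr "DATA address"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
    edit 3
        set name "DATA_TO_INTERNET"
        set srcintf "DATA"
        set dstintf "wan1"
        set srcaddr "DATA address"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

In the CLI, `set nat` defaults to disable, so the Internet policies have to enable it explicitly, while the two inter-VLAN policies leave it off so that hosts in the VOICE subnet see the real DATA source addresses. There is deliberately no policy with MGMT_VLAN as source or destination towards DATA or VOICE_VLAN, so that traffic falls to the implicit deny; the policy list's "Implicit Deny" entry (with logging enabled on it) or `diagnose debug flow` will show such packets being dropped.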
Inter-VLAN Configuration in Cisco Router (ISP_ROUTER): -
hostname ISP_ROUTER
!
! Point-to-point link towards the firewall's WAN side
interface GigabitEthernet0/0
 ip address 172.168.1.1 255.255.255.252
 no shutdown
!
! Parent interface for the dot1Q sub-interfaces that hold the lab "Internet" subnets
interface GigabitEthernet0/1
 no shutdown
!
interface GigabitEthernet0/1.200
 encapsulation dot1Q 200
 ip address 8.8.8.254 255.0.0.0
!
interface GigabitEthernet0/1.201
 encapsulation dot1Q 201
 ip address 9.9.9.254 255.0.0.0
!
end
! "write memory" is an exec-mode command, so it is run after leaving configuration mode
write memory
Note: Here I have only added the configuration of the router and the firewall, not of the switches. For your information, there is not much configuration inside the switches: only creating the VLANs, assigning the ports to their respective VLANs, and making the uplinks trunks, that's all.