• Home

  • Documents

  • VLANs and VDOMs Guide - Firewall · PDF fileFortiGate VLANs and VDOMs Version 3.0 User Guide...
152
www.fortinet.com FortiGate VLANs and VDOMs Version 3.0 USER GUIDE

VLANs and VDOMs Guide - Firewall · PDF fileFortiGate VLANs and VDOMs Version 3.0 User Guide ... VLAN layer-3 routing ... Asymmetric routing

  • Upload
    lethuy

  • View
    244

  • Download
    2

Embed Size (px)

Citation preview

  • www.fortinet.com

    FortiGate VLANs and VDOMs Version 3.0

    U S E R G U I D E

  • FortiGate VLANs and VDOMs User GuideVersion 3.010 SEPTEMBER 200701-30005-0091-20070910

    Copyright 2007 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.

    TrademarksDynamic Threat Prevention System (DTPS), APSecure, FortiASIC, FortiBIOS, FortiBridge, FortiClient, FortiGate, FortiGate Unified Threat Management System, FortiGuard, FortiGuard-Antispam, FortiGuard-Antivirus, FortiGuard-Intrusion, FortiGuard-Web, FortiLog, FortiAnalyzer, FortiManager, Fortinet, FortiOS, FortiPartner, FortiProtect, FortiReporter, FortiResponse, FortiShield, FortiVoIP, and FortiWiFi are trademarks of Fortinet, Inc. in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

  • Contents

    ContentsIntroduction ........................................................................................ 7

    About FortiGate VLANs and VDOMs ............................................................... 7

    About this document......................................................................................... 7Document conventions.................................................................................. 7

    FortiGate documentation .................................................................................. 8

    Related documentation ..................................................................................... 9FortiManager documentation ........................................................................ 9FortiClient documentation ........................................................................... 10FortiMail documentation.............................................................................. 10FortiAnalyzer documentation ...................................................................... 10Fortinet Knowledge Center ......................................................................... 10Comments on Fortinet technical documentation......................................... 10

    Customer service and technical support ...................................................... 11

    Introduction to VLANs and VDOMs................................................ 13Overview of VLAN technology ....................................................................... 13

    VLAN layer-2 switching ............................................................................... 14VLAN layer-3 routing................................................................................... 16Rules for VLAN IDs ..................................................................................... 18

    Overview of Virtual Domains .......................................................................... 18Maximum number of VDOMs...................................................................... 18Inter-VDOM routing ..................................................................................... 19Management VDOM ................................................................................... 19Administration of virtual domains ................................................................ 19Global and virtual domain settings .............................................................. 20For more information................................................................................... 22

    Using VLANs in NAT/Route mode.................................................. 23Overview........................................................................................................... 23

    Configuring FortiGate units in NAT/Route mode ......................................... 23Adding VLAN subinterfaces ........................................................................ 24Creating firewall policies ............................................................................. 25Configuring routing...................................................................................... 25

    Example configuration NAT/Route mode (simple) ....................................... 26General configuration steps ........................................................................ 27Configuring the FortiGate-800 unit .............................................................. 27Configuring the Cisco switch to support VLAN tags.................................... 33Testing the configuration............................................................................. 34

    FortiGate VLANs and VDOMs Version 3.0 User Guide 01-30005-0091-20070910 3

  • 4

    Contents

    Example configuration NAT/Route mode (complex).................................... 35General configuration steps ........................................................................ 36Configuring the FortiGate-800 unit.............................................................. 37Configuring the FortiGate-800 IPSec VPN tunnel and encrypt policy......... 45Configuring the VPN client.......................................................................... 49Configuring the internal Cisco switch.......................................................... 51Configuring the external Cisco switch......................................................... 51Testing the configuration............................................................................. 52

    Using VDOMs in NAT/Route mode................................................. 55Overview........................................................................................................... 55

    Getting started with VDOMs........................................................................... 55Enabling virtual domain configuration ......................................................... 55Creating virtual domains ............................................................................. 56Creating administrators for virtual domains ................................................ 57Accessing virtual domains to configure them.............................................. 57

    Configuring virtual domains........................................................................... 59Changing the management VDOM............................................................. 59Adding interfaces and VLAN subinterfaces to a virtual domain .................. 60Configuring routing for a virtual domain ...................................................... 61Configuring firewall policies for a virtual domain......................................... 61Configuring VPNs for a virtual domain........................................................ 61

    Example VDOM configuration in NAT/Route mode (simple)....................... 62General configuration steps ........................................................................ 63Creating the virtual domains ....................................................................... 63Configuring the FortiGate-800 external and DMZ interfaces ...................... 64Configuring the ABCdomain VDOM............................................................ 65Configuring the DEFdomain VDOM............................................................ 69Configuring the Cisco switch....................................................................... 73Testing the configuration............................................................................. 73

    Example VDOM configuration in NAT/Route mode (complex).................... 75General configuration steps ........................................................................ 77Creating the virtual domains ....................................................................... 77Configuring the ABCdomain VDOM............................................................ 78Configuring the Commercial VDOM............................................................ 84Configuring the Cisco switch....................................................................... 94Testing the configuration............................................................................. 95

    Using VLANs and VDOMs in Transparent mode .......................... 97Overview........................................................................................................... 97

    VLANs and virtual domains......................................................................... 97

    Configuring the FortiGate unit in Transparent mode................................... 98Adding VLAN subinterfaces ........................................................................ 98Creating firewall policies ............................................................................. 99

    FortiGate VLANs and VDOMs Version 3.0 User Guide 01-30005-0091-20070910

  • Contents

    Example configuration Transparent mode (simple)................................... 100General configuration steps ...................................................................... 101Configuring the FortiGate-800 unit ............................................................ 101Configuring the Cisco switch..................................................................... 106Configuring the Cisco router ..................................................................... 106Testing the configuration........................................................................... 108

    Example configuration Transparent mode (multiple virtual domains)..... 109Configuring


Objectives: Chapter 9: Data Centre Architecture VLAN definition and benefits * VLANs and broadcast domains * Routers role in VLANs * Types of VLANs * VLANs

Objectives: Chapter 9: Data Centre Architecture VLAN definition and benefits * VLANs and broadcast domains * Routers role in VLANs * Types of VLANs * VLANs

Documents
Cisco MWR 2941 Mobile Wireless Edge Router Software ......Native VLANs 8-4 System MTU 8-5 802.1Q Tunneling and Other Features 8-6 Routing on VLANs with 802.1Q Tunnel Ports 8-6 Configuring

Cisco MWR 2941 Mobile Wireless Edge Router Software ......Native VLANs 8-4 System MTU 8-5 802.1Q Tunneling and Other Features 8-6 Routing on VLANs with 802.1Q Tunnel Ports 8-6 Configuring

Documents
VLANs 2940

VLANs 2940

Documents
Config Vlans

Config Vlans

Documents
Virtual LANs. Overview VLAN Basics VLAN Types Identifying VLANs VLAN Trunking Protocol Routing between VLANs Configuring VLANs

Virtual LANs. Overview VLAN Basics VLAN Types Identifying VLANs VLAN Trunking Protocol Routing between VLANs Configuring VLANs

Documents
VLANs - Anandp

VLANs - Anandp

Documents
Chapter 14 Configuring VLANs - whp …whp-aus1.cold.extweb.hp.com/pub/networking/... · Chapter 14 Configuring VLANs ... ports are resident on module 2 of the routing switch: USING

Chapter 14 Configuring VLANs - whp …whp-aus1.cold.extweb.hp.com/pub/networking/... · Chapter 14 Configuring VLANs ... ports are resident on module 2 of the routing switch: USING

Documents
Configuring VLANs, VTP, and VMPS - cisco.com · Configuring VLANs, VTP, and VMPS This chapter describes VLANs on Catalyst 4500 series switches. ... † VLANs, page 16-1 † VLAN Trunking

Configuring VLANs, VTP, and VMPS - cisco.com · Configuring VLANs, VTP, and VMPS This chapter describes VLANs on Catalyst 4500 series switches. ... † VLANs, page 16-1 † VLAN Trunking

Documents
VLANs Module 2. 2 VLANs VLANs Trunking VLAN Trunking Protocol (VTP)

VLANs Module 2. 2 VLANs VLANs Trunking VLAN Trunking Protocol (VTP)

Documents
Lecture10 : VLANs

Lecture10 : VLANs

Documents
FSM73xx GSM73xx GMS72xxR Shared access to the ... 3...6 4 - Creating a routing VLAN To create routing VLANs access the VLAN Routing Wizard via Routing VLAN. 1) Type the VLAN ID (in

FSM73xx GSM73xx GMS72xxR Shared access to the ... 3...6 4 - Creating a routing VLAN To create routing VLANs access the VLAN Routing Wizard via Routing VLAN. 1) Type the VLAN ID (in

Documents
Lab 5: Inter-VLANs Routing Network Topology:- · PDF file · 2017-07-221 Lab 5: Inter-VLANs Routing ... 4. Configure Intra VLAN routing. 5. Configure VTP Server. 6. ... 2) Desirable:

Lab 5: Inter-VLANs Routing Network Topology:- · PDF file · 2017-07-221 Lab 5: Inter-VLANs Routing ... 4. Configure Intra VLAN routing. 5. Configure VTP Server. 6. ... 2) Desirable:

Documents
ProCurve Advanced Traffic Management Guide for …whp-hou4.cold.extweb.hp.com/pub/networking/software/3500...Routing Options for VLANs . . . . . . . . . . . . . . . . . . . . . .

ProCurve Advanced Traffic Management Guide for …whp-hou4.cold.extweb.hp.com/pub/networking/software/3500...Routing Options for VLANs . . . . . . . . . . . . . . . . . . . . . .

Documents
SuperStack 3 Switch 3226 and Switch 3250 Implementation Guide · Implementing IP Routing 88 Configuring IP VLANs 88 Establishing IP Interfaces 88 IP Routing Protocols 90 Routing Information

SuperStack 3 Switch 3226 and Switch 3250 Implementation Guide · Implementing IP Routing 88 Configuring IP VLANs 88 Establishing IP Interfaces 88 IP Routing Protocols 90 Routing Information

Documents
  · Web viewMust support IEEE 802.1q encapsulation for VLANs, port-based VLANs, protocol-based VLANs and tagged-based VLANs with full support for the GARP and GVRP protocols.

  · Web viewMust support IEEE 802.1q encapsulation for VLANs, port-based VLANs, protocol-based VLANs and tagged-based VLANs with full support for the GARP and GVRP protocols.

Documents
S4 C1 REVIEW. Review Topics Switching, VLANs, LAN Design, Routing Protocols (especially IGRP), ACLs, and IPX Why use LAN switching and VLANs Must gather

S4 C1 REVIEW. Review Topics Switching, VLANs, LAN Design, Routing Protocols (especially IGRP), ACLs, and IPX Why use LAN switching and VLANs Must gather

Documents
TestOut Routing and Switching Pro – English 6.0€¦ · Manage default VLAN configuration settings 6.4 Virtual LANs (VLANs) 4.0 VLAN configuration View information about VLANs configured

TestOut Routing and Switching Pro – English 6.0€¦ · Manage default VLAN configuration settings 6.4 Virtual LANs (VLANs) 4.0 VLAN configuration View information about VLANs configured

Documents
Chapter 3: VLANs - users.metropolia.fiusers.metropolia.fi/~harriah/CCNA2_V5_RSCCNA5.0/STUDENT_MATE… · Chapter 3: VLANs Routing & Switching. ... ports used to establish the trunk

Chapter 3: VLANs - users.metropolia.fiusers.metropolia.fi/~harriah/CCNA2_V5_RSCCNA5.0/STUDENT_MATE… · Chapter 3: VLANs Routing & Switching. ... ports used to establish the trunk

Documents
Chapter 3cf.linnbenton.edu/bcs/cs/beckerd/upload/CIS153S11CH3.pdf · VLANs Chapter 3 . 2 Topics The role of VLANs in a network Trunking VLANs Configure VLANs on switches Troubleshoot

Chapter 3cf.linnbenton.edu/bcs/cs/beckerd/upload/CIS153S11CH3.pdf · VLANs Chapter 3 . 2 Topics The role of VLANs in a network Trunking VLANs Configure VLANs on switches Troubleshoot

Documents
How do I set up one or more VLANs between a NETGEAR ......Enable Inter VLAN Routing. Clear the check box to disable inter VLAN routing. Important: If inter VLAN routing is enabled,

How do I set up one or more VLANs between a NETGEAR ......Enable Inter VLAN Routing. Clear the check box to disable inter VLAN routing. Important: If inter VLAN routing is enabled,

Documents
Network Infrastructure - Dicomat€¦ · IP-Based VLAN • Routing of data packets between VLANs via IP address • Communication from one participant to two or more VLANs • Economic

Network Infrastructure - Dicomat€¦ · IP-Based VLAN • Routing of data packets between VLANs via IP address • Communication from one participant to two or more VLANs • Economic

Documents
VLANs Lecture

VLANs Lecture

Documents
Objectives: Chapter 8: Virtual LAN (VLAN) VLAN definition and benefits * VLANs and broadcast domains * Routers role in VLANs * Types of VLANs * VLANs protocols:

Objectives: Chapter 8: Virtual LAN (VLAN) VLAN definition and benefits * VLANs and broadcast domains * Routers role in VLANs * Types of VLANs * VLANs protocols:

Documents
Mod8 vlans

Mod8 vlans

Technology
Chapter 18 VLANs - Arista Networks · PDF fileChapter 18: VLANs VLAN Conceptual Overview 903 18.2.3 VLAN Routing Each VLAN can be associated with a switch virtual interface (SVI),

Chapter 18 VLANs - Arista Networks · PDF fileChapter 18: VLANs VLAN Conceptual Overview 903 18.2.3 VLAN Routing Each VLAN can be associated with a switch virtual interface (SVI),

Documents
Chapter 14 Configuring VLANswhp-aus2.cold.extweb.hp.com/pub/networking/software/...14-1 Chapter 14 Configuring VLANs This chapter describes how to configure VLANs on HP routing switches

Chapter 14 Configuring VLANswhp-aus2.cold.extweb.hp.com/pub/networking/software/...14-1 Chapter 14 Configuring VLANs This chapter describes how to configure VLANs on HP routing switches

Documents
Implementing Inter-VLAN Routing Describing Routing Between VLANs

Implementing Inter-VLAN Routing Describing Routing Between VLANs

Documents
Understanding VLANs when Sharing OSA Ports on System zFILE/OSA_VLAN_z.pdf · shared-OSA environment and how routing with VLANs occurs over a shared OSA. ... Destination MacAddress

Understanding VLANs when Sharing OSA Ports on System zFILE/OSA_VLAN_z.pdf · shared-OSA environment and how routing with VLANs occurs over a shared OSA. ... Destination MacAddress

Documents
Configuring Routing Between VLANs · Configuring Routing Between VLANs ThismoduleprovidesanoverviewofVLANs.Itdescribestheencapsulationprotocolsusedforrouting

Configuring Routing Between VLANs · Configuring Routing Between VLANs ThismoduleprovidesanoverviewofVLANs.Itdescribestheencapsulationprotocolsusedforrouting

Documents
Chapter 10 Lab 10-2, Securing VLANs INSTRUCTOR …rgraziani/cis187/labs-v7/CCNPv7.1_SWITCH_Lab … · and-ipv6 routing” and “lanbase-routing”, respectively. Depending on the

Chapter 10 Lab 10-2, Securing VLANs INSTRUCTOR …rgraziani/cis187/labs-v7/CCNPv7.1_SWITCH_Lab … · and-ipv6 routing” and “lanbase-routing”, respectively. Depending on the

Documents