Fortinet FortiGate 4000 User Guide

System network

VLANs in NAT/Route mode

FortiGate-4000 Administration Guide

01-28006-0012-20041105

Figure 15: FortiGate unit in Nat/Route mode

Adding VLAN subinterfaces

The VLAN ID of each VLAN subinterface must match the VLAN ID added by the IEEE
802.1Q-compliant router. The VLAN ID can be any number between 1 and 4096.
Each VLAN subinterface must also be configured with its own IP address and
netmask.

You add VLAN subinterfaces to the physical interface that receives VLAN-tagged
packets.

To add a VLAN subinterface in NAT/Route mode

Go to System > Network > Interface.

Select Create New to add a VLAN subinterface.

Enter a Name to identify the VLAN subinterface.

Select the physical interface that receives the VLAN packets intended for this VLAN
subinterface.

Enter the VLAN ID that matches the VLAN ID of the packets to be received by this
VLAN subinterface.

Select the virtual domain to which to add this VLAN subinterface.
See

“System virtual domain” on page 131

for information about virtual domains.

Select the name of a zone if you want this VLAN subinterface to belong to a zone.
You can only select a zone that has been added to the virtual domain selected in the
previous step. See

“Zone” on page 57

for information about zones.

Configure the VLAN subinterface settings as you would for any FortiGate interface.
See

“Interface settings” on page 48

Select OK to save your changes.
The FortiGate unit adds the new VLAN subinterface to the interface that you selected
in step

802.1Q Trunk

VLAN switch

Internet

FortiGate

POWER

Esc

Enter

External
172.16.21.2

Internal

192.168.110.126

Fa0/3

Fa0/9

Fa0/24

VLAN 100

VLAN 200

VLAN 100 network

10.1.1.0

10.1.1.2

VLAN 200 network

10.1.2.0

10.1.2.2

Note: A VLAN must not have the same name as a virtual domain or zone.