Please like and share this video to encourage more training videos. Thanks
Great video. BTW, you can save time by just creating one policy for the inter-vlan portion. Just create the first one, and then once done, right click on that policy and clone-reverse. It will recreate it in the opposite direction. All you have to do is give it a name. Cheers
You're absolutely right! Nevertheless, I'm well acquainted with the concept of clone reverse. In my opinion, individuals ought to grasp the process of creating things from the ground up. Once they have a solid grasp of the fundamentals, they can gradually acquaint themselves with the more straightforward approaches to accomplishing tasks.
This saved my ass because I was tasked to set up 4 VLANs in our office using a 100E, will be creating 4 ports with 4 subnets and setting up routing between them. Very useful, thank you!
I am very happy it was helpful.
Very good. Is there any configuration for beginners?
I recommend you watch this video
ua-cam.com/video/ac1L9ApwLlk/v-deo.html
great video thanks :)
The LAN 2 network is basically the management, right? Great video
LAN 2 network has some management features, such as HTTPS or FMG. Once any of the Administrative Access is enabled on that interface that makes it a management interface.
very good video Sir.
Hi. Thank you for the video. I am not able to make it work yet but the concept is there. I keep trying on my 60F and managed Zyxel switch...
@@xlv600tr Tell me exactly where you need support. I can give you some pointers
@@techy-world3716 Thank you so much! I made 2 VLANs on a FortiGate 60F (VLAN 10 and VLAN 25) using a Zyxel GS1900 managed switch in a testing environment. If I configure clients with a fixed IP it works, but they aren't able to get an IP from the DHCP server (configured on each FortiGate VLAN, 192.168.10.1/24 and 192.168.25.1/24). I don't understand if the problem is the switch that is stopping the DHCP service or if there is other configuration to do on the firewall.
@xlv600tr If you scroll down on your VLAN 10 and VLAN 20 interfaces there, you will see the option to enable DHCP. The DHCP can be configured on your firewall, or you can configure it on your Zyxel GS1900 switch. If DHCP is configured on your switch, you will need to enable DHCP relay under the advanced option below the DHCP on the FortiGate 60F firewall.
@@techy-world3716 Thank you again. In the switch menu I find only whether the switch receives its IP from DHCP or if it has to be fixed (for management). On the fw it is active on both VLANs
Is there any need to have a policy between one VLAN in the firewall?
No, there is no need to have a policy between VLAN, but there are reasons why you may want someone to have access to a specific VLAN other than where they belong. For example, if you have a Camera VLAN and you belong to the Data VLAN, you won't be able to view the camera from your network device in the Data VLAN without having a policy to allow your device or the entire Data VLAN. I hope this helps
Can I configure IP addresses on both the physical interface and the VLAN interface as router on a stick, and reach the physical interface on a switch that has a port in Access mode?
The answer is Yes. You can configure multiple physical and virtual interfaces and even route between them. What you need is policy. To answer your question, YES, it is possible
I have an 80F FortiGate and an Aruba 1830 switch. Is it possible to communicate VLAN info between these devices?
Absolutely. The FortiGate firewall VLANs communicate easily with any managed switch: Cisco, Aruba, HP, Unifi and many more.
Good video and explanation but use a diagram for the self-paced bro- that way you get likes - someone who knows this will either ignore or just like. Thanks
Noted
Very good
Maximum number of entries has been reached. Object set operator error, -4 discard the setting. This error is coming, please support
This error is due to a trial license you are using, which only allows 4 interfaces. What you can do is to use 2 interfaces (1 for WAN and the other for LAN, which will include VLAN sub interfaces)
This video will show you how to remove interfaces ua-cam.com/video/jCJLwmfP0uM/v-deo.html
After doing this I am not able to access the firewall from the LAN zone. So how do I get access to it?
The access will be applied to the LAN interface, e.g. port 1 if you are using a physical port, or the VLAN interface, e.g. Data VLAN. You can also apply it to multiple interfaces but not on the zone.
Yes, I have created a data VLAN 10 under port 1 and I am trying to access it from the VLAN 10 interface; also, HTTPS is enabled on that interface.
Have you lost all access to the device or can you get in via console or ssh?
The device you are accessing it from must be in VLAN 10 subnet as well. That is very important
If you are still having issues, I can look at it over a remote session if you want.
Sir I am unable to sub interface
Watch between 2mins - 5mins of this video that shows how to create VLAN which is the sub interfaces you are trying to create
I am unable to create a sub interface in the FortiGate firewall, the error below is coming:
Maximum number of entries has been reached.
Object set operator error, -4 discard the setting.
@@psksuresh8800 Delete 2 of your physical interfaces. You are using a trial license. You will be allowed 4 interfaces on a trial version. So best is to delete 2 physical interfaces and use 1 for WAN and the other interfaces for your sub interfaces
Sir, how to delete interface port3
Kindly support, sir, we have suffered the last two weeks with this issue
Excellent
Where is the live testing? You did not connect anything and test anything or live anything
Point taken, I will ensure that I show more testing in my next videos. But be assured that these steps are what is required on the FortiGate.
well explained. good job. Dropped a LIKE.
Much appreciated!
@@techy-world3716 and I subbed! Keep doing what you do, bro. ;-)