
Administration Guide

FortiSwitch VLANs


To create a FortiSwitch VLAN:
  1. Go to FortiSwitch Manager > FortiSwitch VLANs.

  2. In the content pane, click Create New in the toolbar. The Create New VLAN Definition window opens.

  3. Enter the following information, then click OK to add the new VLAN.

    Interface Name

    Enter a name for the interface.

    VLAN ID

    Enter the VLAN ID.

    Role

    Select the role for the interface: DMZ, LAN, UNDEFINED, or WAN.

    Estimated Bandwidth

    Enter the estimated upstream and downstream bandwidths.

    This option is only available when Role is WAN.

    Address

    Addressing mode

    The addressing mode.

    IP/Network Mask

    Enter the IP address and netmask.

    IPv6 Addressing mode

    Select the IPv6 addressing mode: Manual or DHCP.

    IPv6 Address/Prefix

    Enter the IPv6 address.

    This option is only available when IPv6 Addressing mode is Manual.

    Secondary IP Address

    Turn secondary IP addresses on or off.

    Add IP addresses to the table. See To add a secondary IP address: for details. Addresses can also be edited and deleted as required.

    Administrative Access

    IPv4

    Select the allowed IPv4 administrative service protocols from: CAPWAP, DNP, FGFM, FTM, HTTP, HTTPS, PING, PROBE-RESPONSE, RADIUS-ACCT, SNMP, SSH, and TELNET.

    Toggle Use Meta Variable ON to alternatively use a metadata variable to define this field. See ADOM-level metadata variables.

    IPv6

    Select the allowed IPv6 administrative service protocols from: CAPWAP, FGFM, HTTP, HTTPS, PING, SNMP, SSH, and TELNET.

    Toggle Use Meta Variable ON to alternatively use a metadata variable to define this field. See ADOM-level metadata variables.

    DHCP Server

    Turn the DHCP server on or off.

    DHCP Status

    Set the DHCP status as Enabled or Disabled.

    Address Range

    Configure address ranges for DHCP. Click Create to create a new range. Ranges can also be edited and deleted as required.

    This option is only available when DHCP Server is ON and Mode is Server.

    Netmask

    Enter the netmask.

    This option is only available when DHCP Server is ON and Mode is Server.

    Default Gateway

    Configure the default gateway: Same as Interface IP, or Specify. If set to Specify, enter the gateway IP address in the field.

    This option is only available when DHCP Server is ON and Mode is Server.

    DNS Server

    Configure the DNS server: Same as System DNS, Same as Interface IP, or Specify.

    This option is only available when DHCP Server is ON and Mode is Server.

    DNS Server 1 - 3

    Enter the DNS server IP addresses.

    This option is only available when DHCP Server is ON, Mode is Server, and DNS Server is Specify.

    Advanced

    Expand advanced options.

    Mode

    Select the DHCP mode: Server or Relay.

    This option is only available when DHCP Server is ON.

    Type

    Select the type: Regular, or IPsec.

    This option is only available when DHCP Server is ON.

    NTP Server

    Configure the NTP server: Local, Same as System NTP, or Specify. If set to Specify, enter the NTP server IP address in the field.

    This option is only available when DHCP Server is ON and Mode is Server.

    Wireless Controllers

    Configure wireless controllers: Same as Interface IP or Specify.

    This option is only available when DHCP Server is ON and Mode is Server.

    Timezone Option

    Configure the timezone: Disable, Same as System, or Specify. If set to Specify, select the timezone from the dropdown list.

    This option is only available when DHCP Server is ON and Mode is Server.

    Next Bootstrap Server

    Enter the IP address of the next bootstrap server.

    This option is only available when DHCP Server is ON and Mode is Server.

    TFTP Server(s)

    Add TFTP server(s).

    Additional DHCP Options

    In the Lease Time field, enter the lease time, in seconds. Default: 604800 seconds (7 days).

    Add DHCP options to the table. See To add additional DHCP options: for details. Options can also be edited and deleted as required.

    This option is only available when DHCP Server is ON and Mode is Server.

    IP Address Assignment Rules

    Select the action to take with unknown MAC addresses or DHCP Relay Agent: Assign IP, Block or Reserve IP.

    Specify the match criteria.

    Add MAC address actions to the table. See To add a MAC address or DHCP Relay Agent reservation: for details. Reservations can also be edited and deleted as required.

    This option is only available when DHCP Server is ON and Mode is Server.

    Stateless Address Auto-Configuration (SLAAC)

    Enable or disable stateless address auto-configuration (SLAAC).

    IPv6 Prefix List

    Enable to define an IPv6 Prefix.

    VRRP

    Configure VRRP settings for the VLAN template.

    Click Create New to create a new VRRP item.

    Network

    These options are only available when Role is DMZ, LAN, or UNDEFINED.

    Device Detection

    Turn device detection on or off.

    Active Scanning

    Turn active scanning on or off.

    This option is only available when Device Detection is on.

    Security Mode

    Select the security mode: CAPTIVE-PORTAL, or NONE.

    Authentication Portal

    Configure the authentication portal: Local or External. If External is selected, enter the portal in the field.

    This option is only available when Security Mode is CAPTIVE-PORTAL.

    User Access

    Select Restricted to Groups or Allow All.

    This option is only available when Security Mode is CAPTIVE-PORTAL.

    User Groups

    Select user groups from the available groups.

    This option is available when Security Mode is CAPTIVE-PORTAL and User Access is Restricted to Groups.

    Exempt Sources

    Select sources that are exempt from the available firewall addresses.

    This option is only available when Security Mode is CAPTIVE-PORTAL.

    Exempt Destinations

    Select destinations that are exempt from the available firewall addresses.

    This option is only available when Security Mode is CAPTIVE-PORTAL.

    Exempt Services

    Select services that are exempt from the available firewall services.

    This option is only available when Security Mode is CAPTIVE-PORTAL.

    Miscellaneous

    Comments

    Optionally, enter comments.

    Status

    Select if the interface is Enabled or Disabled.

    Color

    Change the color of the interface to one of the 32 options.

    IPv4 Advanced Options

    Expand to view and configure advanced IPv4 options.

    IPv6 Advanced Options

    Expand to view and configure advanced IPv6 options.

    Per-Device Mapping

    Enable per-device mapping.

    Add mappings to the table. See To add per device mapping: for details. Mappings can also be edited and deleted as required.
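
A review check over the VLAN ID, Role, and Administrative Access fields described above, as an added example that is not part of the Fortinet guide. The protocol and role lists are the ones on this page; the dict layout, the 802.1Q ID range check, and the WAN review policy are assumptions, not a FortiManager export or API format.

```python
# Added example: audits planned VLAN definitions before they are entered in
# the GUI. Keys (name, vlan_id, role, ipv4_access, ipv6_access) are hypothetical.
IPV4_ACCESS = {"CAPWAP", "DNP", "FGFM", "FTM", "HTTP", "HTTPS", "PING",
               "PROBE-RESPONSE", "RADIUS-ACCT", "SNMP", "SSH", "TELNET"}
IPV6_ACCESS = {"CAPWAP", "FGFM", "HTTP", "HTTPS", "PING", "SNMP", "SSH", "TELNET"}
ROLES = {"DMZ", "LAN", "UNDEFINED", "WAN"}
CLEARTEXT = {"HTTP", "TELNET"}  # logins cross the VLAN unencrypted
MGMT = {"HTTP", "HTTPS", "SSH", "TELNET", "SNMP"}  # assumed WAN review policy


def audit_vlan(vlan):
    """Return a list of findings for one planned VLAN definition."""
    findings = []
    name = vlan.get("name", "<unnamed>")
    vid = vlan.get("vlan_id")
    # 802.1Q reserves IDs 0 and 4095, leaving 1-4094 usable.
    if not isinstance(vid, int) or not 1 <= vid <= 4094:
        findings.append(f"{name}: VLAN ID {vid!r} outside 1-4094")
    role = vlan.get("role")
    if role not in ROLES:
        findings.append(f"{name}: unknown role {role!r}")
    for label, key, allowed in (("IPv4", "ipv4_access", IPV4_ACCESS),
                                ("IPv6", "ipv6_access", IPV6_ACCESS)):
        selected = {p.upper() for p in vlan.get(key, [])}
        # The IPv6 list on this page is a subset of the IPv4 list.
        for proto in sorted(selected - allowed):
            findings.append(f"{name}: {proto} is not an {label} access option")
        for proto in sorted(selected & CLEARTEXT):
            findings.append(f"{name}: cleartext {proto} enabled on {label}")
        if role == "WAN":
            for proto in sorted((selected & MGMT) - CLEARTEXT):
                findings.append(f"{name}: {proto} management access on WAN role ({label})")
    return findings


def audit_all(vlans):
    """Flatten the findings for every definition, in input order."""
    return [finding for vlan in vlans for finding in audit_vlan(vlan)]


SAMPLE_VLANS = [  # constructed sample input
    {"name": "vlan-staff", "vlan_id": 20, "role": "LAN",
     "ipv4_access": ["PING", "HTTPS", "SSH"], "ipv6_access": ["PING"]},
    {"name": "vlan-uplink", "vlan_id": 300, "role": "WAN",
     "ipv4_access": ["PING", "HTTPS", "TELNET"], "ipv6_access": ["FTM", "SSH"]},
    {"name": "vlan-lab", "vlan_id": 4095, "role": "DMZ",
     "ipv4_access": ["http"], "ipv6_access": []},
]

if __name__ == "__main__":
    for line in audit_all(SAMPLE_VLANS):
        print(line)
```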

To add additional DHCP options:
  1. Enable the DHCP Server setting, and expand the Advanced drawer.

  2. Click Create New in the Additional DHCP Options table toolbar. The Additional DHCP Options dialog box opens.

  3. Enter the Option Code.

  4. Select the Value Type: Hexadecimal, String, IP, or FQDN.

  5. Enter the corresponding value.

  6. Click OK to create the option.

To add a MAC address or DHCP Relay Agent reservation:
  1. Enable the DHCP Server setting, and expand the Advanced drawer.

  2. Click Create New in the IP Address Assignment Rules table toolbar. The Create New IP Address Assignment Rule dialog box opens.

  3. Select the Type as either MAC Address or DHCP Relay Agent, and enter the corresponding Match Criteria.

  4. Select the Action Type as Assign IP, Block, or Reserve IP. When selecting Reserve IP, specify the IP address.

  5. Click OK to create the reservation.

To add a secondary IP address:
  1. Enable the Secondary IP Address setting under Address.

  2. Click Create New in the Secondary IP address table toolbar. A dialog box opens.

  3. Enter the IP address and netmask in the IP/Network Mask field.

  4. Select the allowed administrative service protocols from: CAPWAP, DNP, FGFM, FTM, HTTP, HTTPS, PING, PROBE-RESPONSE, RADIUS-ACCT, SNMP, SSH, and TELNET.

  5. Click OK to add the address.

To add per device mapping:
  1. Expand the Per-Device Mapping section.

  2. Click Create New in the Per-Device Mapping table toolbar. The Per-Device Mapping dialog box opens.

  3. Select the device to be mapped from the Mapped Device drop-down list.

  4. Enter the VLAN ID.

  5. Enter the mapped IP address and netmask in the IP/Netmask field.

  6. If required, enable Mapped DHCP Server and configure the options (options are the same as when creating a new VLAN definition).

  7. Configure the remaining settings as needed.

  8. Click OK to add the device mapping.
