Fortinet black logo

Handbook

Configuration example

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:524937
Download PDF

Configuration example

Step 1: Create VLANs and forwarding domains

config system interface

edit "vlan102_intern"

set forward-domain 102

set interface "port2"

set vlanid 102

next

edit "vlan102_extern"

set forward-domain 102

set interface "port3"

set vlanid 102

next

edit "vlan103_intern"

set forward-domain 103

set interface "port2"

set vlanid 103

next

edit "vlan103_extern"

set forward-domain 103

set interface "port3"

set vlanid 103

next

end

Step 2: Create the appropriate firewall policies

config firewall policy

edit 1

set srcintf "vlan102_extern"

set dstintf "vlan102_intern"

set srcaddr "all"

set dstaddr "all"

set action accept

set schedule "always"

set service "ALL"

next

edit 2

set srcintf "vlan102_intern"

set dstintf "vlan102_extern"

set srcaddr "all"

set dstaddr "all"

set action accept

set schedule "always"

set service "All"

next

edit 3

set srcintf "vlan103_intern"

set dstintf "vlan103_extern"

set srcaddr "all"

set dstaddr "all"

set action accept

set schedule "always"

set service "All"

next

edit 4

set srcintf "vlan103_extern"

set dstintf "vlan103_intern"

set srcaddr "all"

set dstaddr "all"

set action accept

set schedule "always"

set service "ALL"

next

end

Configuration example

Step 1: Create VLANs and forwarding domains

config system interface

edit "vlan102_intern"

set forward-domain 102

set interface "port2"

set vlanid 102

next

edit "vlan102_extern"

set forward-domain 102

set interface "port3"

set vlanid 102

next

edit "vlan103_intern"

set forward-domain 103

set interface "port2"

set vlanid 103

next

edit "vlan103_extern"

set forward-domain 103

set interface "port3"

set vlanid 103

next

end

Step 2: Create the appropriate firewall policies

config firewall policy

edit 1

set srcintf "vlan102_extern"

set dstintf "vlan102_intern"

set srcaddr "all"

set dstaddr "all"

set action accept

set schedule "always"

set service "ALL"

next

edit 2

set srcintf "vlan102_intern"

set dstintf "vlan102_extern"

set srcaddr "all"

set dstaddr "all"

set action accept

set schedule "always"

set service "All"

next

edit 3

set srcintf "vlan103_intern"

set dstintf "vlan103_extern"

set srcaddr "all"

set dstaddr "all"

set action accept

set schedule "always"

set service "All"

next

edit 4

set srcintf "vlan103_extern"

set dstintf "vlan103_intern"

set srcaddr "all"

set dstaddr "all"

set action accept

set schedule "always"

set service "ALL"

next

end