Creating FortiSwitch VLANs
To create a FortiSwitch VLAN:
- Go to FortiSwitch Manager > FortiSwitch Templates.
- In the tree menu, select VLANs.
- In the content pane, click Create New in the toolbar. The Create New VLAN Definition window opens.
- Enter the following information, then click OK to add the new VLAN.
Interface Name
Enter a name for the interface.
VLAN ID
Enter the VLAN ID.
Role
Select the role for the interface: DMZ, LAN, UNDEFINED, or WAN.
Estimated Bandwidth
Enter the estimated upstream and downstream bandwidths.
This option is only available when Role is WAN.
Address
Addressing mode
The addressing mode.
IP/Network Mask
Enter the IP address and netmask.
IPv6 Addressing mode
Select the IPv6 addressing mode: Manual or DHCP.
IPv6 Address/Prefix
Enter the IPv6 address.
This option is only available when IPv6 Addressing mode is Manual.
Restrict Access
Administrative Access
Select the allowed administrative service protocols from: CAPWAP, DNP, FGFM, FTM, HTTP, HTTPS, PING, PROBE-RESPONSE, RADIUS-ACCT, SNMP, SSH, and TELNET.
IPv6 Administrative Access
Select the allowed administrative service protocols from: CAPWAP, FGFM, HTTP, HTTPS, PING, SNMP, SSH, and TELNET.
DHCP Server
Turn the DHCP server on or off.
This option is only available when Role is LAN or UNDEFINED.
DHCP Server IP
Enter the DHCP server IP address.
This option is only available when DHCP Server is ON and Mode is Relay.
Address Range
Configure address ranges for DHCP. Click Create to create a new range. Ranges can also be edited and deleted as required.
This option is only available when DHCP Server is ON and Mode is Server.
Netmask
Enter the netmask.
This option is only available when DHCP Server is ON and Mode is Server.
Default Gateway
Configure the default gateway: Same as Interface IP, or Specify. If set to Specify, enter the gateway IP address in the field.
This option is only available when DHCP Server is ON and Mode is Server.
DNS Server
Configure the DNS server: Same as System DNS, Same as Interface IP, or Specify.
This option is only available when DHCP Server is ON and Mode is Server.
DNS Server 1 - 3
Enter the DNS server IP addresses.
This option is only available when DHCP Server is ON, Mode is Server, and DNS Server is Specify.
Mode
Select the DHCP mode: Server or Relay.
This option is only available when DHCP Server is ON.
NTP Server
Configure the NTP server: Local, Same as System NTP, or Specify. If set to Specify, enter the NTP server IP address in the field.
This option is only available when DHCP Server is ON and Mode is Server.
Time Zone
Configure the timezone: Disable, Same as System, or Specify. If set to Specify, select the timezone from the dropdown list.
This option is only available when DHCP Server is ON and Mode is Server.
Next Bootstrap Server
Enter the IP address of the next bootstrap server.
This option is only available when DHCP Server is ON and Mode is Server.
Additional DHCP Options
In the Lease Time field, enter the lease time, in seconds. Default: 604800 seconds (7 days).
Add DHCP options to the table. See "To add additional DHCP options" for details. Options can also be edited and deleted as required.
This option is only available when DHCP Server is ON and Mode is Server.
MAC Reservation + Access Control
Select the action to take with unknown MAC addresses: assign or block.
Add MAC address actions to the table. See "To add a MAC address reservation" for details. Reservations can also be edited and deleted as required.
This option is only available when DHCP Server is ON and Mode is Server.
Type
Select the type: Regular, or IPsec.
This option is only available when DHCP Server is ON.
Networked Devices
These options are only available when Role is DMZ, LAN, or UNDEFINED.
Device Detection
Turn device detection on or off.
Active Scanning
Turn active scanning on or off.
This option is only available when Device Detection is on.
Admission Control
These options are only available when Role is LAN or UNDEFINED.
Security Mode
Select the security mode: CAPTIVE-PORTAL, or NONE.
Authentication Portal
Configure the authentication portal: Local or External. If External is selected, enter the portal in the field.
This option is only available when Security Mode is CAPTIVE-PORTAL.
User Access
Select Restricted to Groups or Allow All.
This option is only available when Security Mode is CAPTIVE-PORTAL.
User Groups
Select user groups from the available groups.
This option is available when Security Mode is CAPTIVE-PORTAL and User Access is Restricted to Groups.
Exempt Sources
Select sources that are exempt from the available firewall addresses.
This option is only available when Security Mode is CAPTIVE-PORTAL.
Device
Select user devices, device categories, and/or device groups.
This option is only available when Security Mode is CAPTIVE-PORTAL.
Exempt Destinations
Select destinations that are exempt from the available firewall addresses.
This option is only available when Security Mode is CAPTIVE-PORTAL.
Exempt Services
Select services that are exempt from the available firewall services.
This option is only available when Security Mode is CAPTIVE-PORTAL.
Miscellaneous
Scan Outgoing Connections to Botnet Sites
Select Block, Disable, or Monitor.
Secondary IP Address
Turn secondary IP addresses on or off.
Add IP addresses to the table. See "To add a secondary IP address" for details. Addresses can also be edited and deleted as required.
Status
Comments
Optionally, enter comments.
Interface State
Select if the interface is Enabled or Disabled.
Advanced Options
color
Change the color of the interface to one of the 32 options.
Per-Device Mapping
Enable per-device mapping.
Add mappings to the table. See "To add per device mapping" for details. Mappings can also be edited and deleted as required.
To add additional DHCP options:
- Click Create in the Additional DHCP Options table toolbar. The Additional DHCP Options dialog box opens.
- Enter the Option Code.
- Select the Type: hex, ip, or string.
- Enter the corresponding value.
- Click OK to create the option.
To add a MAC address reservation:
- Click Create in the MAC Reservation + Access Control table toolbar. The MAC Reservation + Access Control dialog box opens.
- Enter the MAC Address.
- Select the End IP: Assign IP, Block, or Reserve IP. If reserving the IP address, enter it in the field.
- Optionally, enter a description.
- Click OK to create the reservation.
To add a secondary IP address:
- Click Create New in the Secondary IP address table toolbar. A dialog box opens.
- Enter the IP address and netmask in the IP/Network Mask field.
- Select the allowed administrative service protocols from: CAPWAP, DNP, FGFM, FTM, HTTP, HTTPS, PING, PROBE-RESPONSE, RADIUS-ACCT, SNMP, SSH, and TELNET.
- Click OK to add the address.
To add per device mapping:
- Click Create New in the Per-Device Mapping table toolbar. The Per-Device Mapping dialog box opens.
- Select the device to be mapped from the Mapped Device drop-down list.
- Enter the VLAN ID.
- Enter the mapped IP address and netmask in the Mapped IP/Netmask field.
- If required, enable DHCP Server and configure the options (options are the same as when creating a new VLAN definition).
- Click OK to add the device mapping.
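
The "only available when" conditions and the Administrative Access lists in the VLAN field descriptions can be checked against a planned VLAN definition before it is entered in the GUI. The following Python is an added example, not Fortinet code: the dictionary keys (`role`, `admin_access`, `dhcp_mode`, and so on) are hypothetical names rather than FortiManager API fields, and the sample input is constructed.

```python
# Added example: the dict keys below are hypothetical, not FortiManager API fields.
ADMIN_V4 = {"CAPWAP", "DNP", "FGFM", "FTM", "HTTP", "HTTPS", "PING",
            "PROBE-RESPONSE", "RADIUS-ACCT", "SNMP", "SSH", "TELNET"}
ADMIN_V6 = {"CAPWAP", "FGFM", "HTTP", "HTTPS", "PING", "SNMP", "SSH", "TELNET"}
CLEARTEXT = {"HTTP", "TELNET"}  # management protocols with no transport encryption

def dhcp(mode):
    # Predicate: DHCP Server is ON and Mode equals `mode`.
    return lambda v: v.get("dhcp_server") == "ON" and v.get("dhcp_mode") == mode

# (field, availability predicate, condition as worded in the field descriptions)
AVAILABILITY = [
    ("estimated_bandwidth", lambda v: v.get("role") == "WAN", "Role is WAN"),
    ("ipv6_address", lambda v: v.get("ipv6_mode") == "Manual",
     "IPv6 Addressing mode is Manual"),
    ("dhcp_server", lambda v: v.get("role") in ("LAN", "UNDEFINED"),
     "Role is LAN or UNDEFINED"),
    ("dhcp_mode", lambda v: v.get("dhcp_server") == "ON", "DHCP Server is ON"),
    ("dhcp_server_ip", dhcp("Relay"), "DHCP Server is ON and Mode is Relay"),
    ("address_range", dhcp("Server"), "DHCP Server is ON and Mode is Server"),
    ("device_detection", lambda v: v.get("role") in ("DMZ", "LAN", "UNDEFINED"),
     "Role is DMZ, LAN, or UNDEFINED"),
    ("security_mode", lambda v: v.get("role") in ("LAN", "UNDEFINED"),
     "Role is LAN or UNDEFINED"),
    ("user_groups", lambda v: v.get("security_mode") == "CAPTIVE-PORTAL"
     and v.get("user_access") == "Restricted to Groups",
     "Security Mode is CAPTIVE-PORTAL and User Access is Restricted to Groups"),
]

def review_vlan(vlan):
    """Return findings for a planned VLAN definition; a present key counts as set."""
    findings = []
    for key, allowed in (("admin_access", ADMIN_V4), ("ipv6_admin_access", ADMIN_V6)):
        chosen = set(vlan.get(key, []))
        findings += [f"{key}: {p} is not a selectable protocol" for p in sorted(chosen - allowed)]
        findings += [f"{key}: {p} allows cleartext management access" for p in sorted(chosen & CLEARTEXT)]
    findings += [f"{field}: only available when {cond}"
                 for field, available, cond in AVAILABILITY
                 if field in vlan and not available(vlan)]
    return findings

SAMPLE = {  # constructed input, not taken from a real deployment
    "name": "guest", "vlan_id": 30, "role": "WAN",
    "admin_access": ["HTTPS", "PING", "TELNET"],
    "ipv6_admin_access": ["SSH", "FTM"],
    "dhcp_server": "ON", "dhcp_mode": "Relay",
    "address_range": ["10.30.0.10-10.30.0.200"],
}
```

Calling `review_vlan(SAMPLE)` returns four findings; FTM is flagged on the IPv6 side because it appears in the IPv4 Administrative Access list but not in the IPv6 one.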