![]() The FortiGate unit can tag packets leaving on a VLAN subinterface. However, if multiple virtual domains are configured on the FortiGate unit, you only have access to the physical interfaces on your virtual domain. You can define VLAN subinterfaces on all FortiGate physical interfaces. The FortiGate unit directs packets with VLAN IDs to subinterfaces with matching IDs. When you add VLAN subinterfaces to the FortiGate’s physical interfaces, the VLANs have IDs that match the VLAN IDs of packets on the trunk link. The trunk link transports VLAN-tagged packets between physical subnets or networks. In NAT mode, the FortiGate unit supports VLAN trunk links with IEEE 802.1Q-compliant switches or routers. The FortiGate unit can also forward untagged packets to other networks such as the Internet. In this mode, the FortiGate unit controls the flow of packets between VLANs and can also remove VLAN tags from incoming VLAN packets. ![]() In NAT mode, the FortiGate unit functions as a layer-3 device. This reduces traffic and increases network security. These smaller domains forward packets only to devices that are part of that VLAN domain. VLANs use ID tags to logically separate devices on a network into smaller broadcast domains. Virtual Local Area Networks (VLANs) multiply the capabilities of your FortiGate unit and can also provide added network security.
0 Comments
Leave a Reply. |