Wednesday, December 18, 2019

FortiGate routing VLANs with different subnets

Hey all,

I’ve posted this in the Fortinet subreddit, but I feel like this is a networking/routing issue.

I am running a FortiGate 100D and I have created 5 VLANs (DHCP server enabled) with 5 different subnets and assigned them to port 1, 3, 5, 7, and 9 on individual interface mode.

Here is a list of the VLANs and their IP Addresses:

VLAN 10 - 192.168.10.1/24
VLAN 16 - 192.168.16.1/23
VLAN 32 - 192.168.32.1/23
VLAN 64 - 192.168.64.1/23
VLAN 774 - 192.168.7.1/23

I have 3 Cisco SG350 switches and, as a test, I trunked 2 ports on one switch, one for VLAN 16 and one for VLAN 32, and connected them to the VLAN 16 and VLAN 32 firewall interfaces. I then set two more ports on the switch as access ports and assigned VLAN 16 to one and VLAN 32 to the other. I then connected two Macs to those access ports, and they receive the correct IP addresses just fine.

Now by default, there should be no routing between these VLANs as they're in different subnets, correct? Well, to my astonishment this is not the case: while the Mac with a VLAN 16 address can't ping the VLAN 32 Mac, the 32 Mac can ping the 16 Mac. I have no clue how this is the case and can use any help on troubleshooting this. There are no IP policies configured on the FG that relate to these VLANs/interfaces/subnets.

Here is a picture of the physical setup, here is a screenshot of the Cisco switch VLAN config, and here is a screenshot of the interface setup on the FG. I feel like it's a routing issue, as if I create a zone, add all VLANs to it, and allow intra-zone traffic, both Macs are able to ping each other. I'm just confused as to how any of the VLANs can communicate with no IP policies having been created yet.
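The first thing to rule out with mixed /24 and /23 prefixes like the ones listed above is whether any two VLAN subnets overlap, and whether a host would treat the far-side address as on-link (ARP for it directly, bypassing the firewall) or send it to its gateway (where the FortiGate's policy applies). The following script is an added example and is not part of the original post or any Fortinet tooling; the VLAN table is copied from the post, and the sample host addresses used in the checks are constructed.

```python
from ipaddress import ip_interface, IPv4Address
from itertools import combinations

# Gateway address and prefix per VLAN, taken from the post.
VLANS = {
    10: "192.168.10.1/24",
    16: "192.168.16.1/23",
    32: "192.168.32.1/23",
    64: "192.168.64.1/23",
    774: "192.168.7.1/23",
}


def vlan_networks(vlans=VLANS):
    """Map each VLAN id to the network its gateway interface sits in.

    Note that 192.168.7.1/23 lives in 192.168.6.0/23, not 192.168.7.0/23:
    the /23 swallows the lower /24 as well.
    """
    return {vid: ip_interface(addr).network for vid, addr in vlans.items()}


def overlapping_pairs(vlans=VLANS):
    """Return every pair of VLAN ids whose subnets overlap (empty if none).

    An overlap would make a host consider the other VLAN on-link, so the
    traffic would never reach the firewall and no policy could block it.
    """
    nets = vlan_networks(vlans)
    return sorted(
        (a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])
    )


def next_hop(src_host, dst_addr):
    """Decide how a host configured as src_host ("addr/prefix") reaches dst_addr.

    'on-link'  -> the host ARPs for dst_addr directly (no router, no policy).
    'gateway'  -> the host forwards to its default gateway, i.e. the FortiGate
                  interface, where the firewall policy decides.
    """
    src = ip_interface(src_host)
    return "on-link" if IPv4Address(dst_addr) in src.network else "gateway"


if __name__ == "__main__":
    for vid, net in vlan_networks().items():
        print(f"VLAN {vid:>3}: {net}  ({net.num_addresses} addresses)")
    print("overlapping VLAN pairs:", overlapping_pairs() or "none")
    # Constructed hosts: one Mac on VLAN 32, one on VLAN 16.
    print("32 -> 16:", next_hop("192.168.32.50/23", "192.168.16.20"))
    print("16 -> 32:", next_hop("192.168.16.20/23", "192.168.32.50"))
```

With the addressing as posted, no pair overlaps and both Macs must send to their gateway, so whatever lets the VLAN 32 host reach VLAN 16 has to be something the FortiGate itself is doing on that traffic; if a host had picked up a wider mask than intended, `next_hop` would report `on-link` and point at the host configuration instead.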


