Chapter 7 – Security
7-3 VLAN and Security Profile
Learning Objectives
- Configure VLANs on the FortiGate firewall
- Configure a Security Policy for VLANs

Device | IP address | Access |
FortiGate | Port 1: DHCP Client; Port 2: VLAN 10: 192.168.10.1/24, VLAN 20: 192.168.20.1/24 | ICMP, HTTP, HTTPS |
Web Term1 | DHCP Client | – |
Web Term2 | DHCP Client | – |
Step 1: Switch Configuration
Right-click the switch, choose Configure, and set eth0, eth1, and eth2 as shown in Table 7-3:
Port | Vlan | Type |
0 | 1 | Dot1q |
1 | 10 | Access |
2 | 20 | Access |

Step 2
You should create two sub-interfaces on port2 of the firewall.
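
The same two sub-interfaces expressed as FortiOS CLI, using the addresses and access list from the table above. This is an added example, not part of the original lab; the interface names "vlan10" and "vlan20" and the "root" VDOM are assumptions.

```fortios
# Added example. Interface names and VDOM are assumed; addresses, VLAN IDs
# and allowed management access come from the lab's addressing table.
config system interface
    edit "vlan10"
        set vdom "root"
        set interface "port2"
        set vlanid 10
        set ip 192.168.10.1 255.255.255.0
        set allowaccess ping https http
    next
    edit "vlan20"
        set vdom "root"
        set interface "port2"
        set vlanid 20
        set ip 192.168.20.1 255.255.255.0
        set allowaccess ping https http
    next
end
```

Each sub-interface is a separate Layer 3 interface, so traffic from VLAN 10 and VLAN 20 reaches Port1 only through the firewall policies created in the following steps.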



Step 3: Block YouTube and Social Media on VLAN 20
1- Create an application control profile as shown in Figure 7-28.

2- Configure a Firewall Policy from VLAN 20 to Port1 and assign the application control profile to it.

3- Verify your configuration by visiting the Twitter.com or YouTube.com website.

Step 4: Filter .zip and .pdf files on VLAN 10
1- Create a File Filter profile. File filter only works on unencrypted protocols. Set the traffic direction to both, and finally set the action to block.

2- Make sure to set the feature set as flow-based.

3- Create a Firewall Policy from VLAN 10 to Port1; the inspection mode should be Proxy-based. Assign the profile you created to File Filter.

4- Verify your configuration by downloading a zip or pdf file from an HTTP website.
