Use zones and save your sanity! This video goes into some basic zone deployment to help consolidate policy and reduce the number of interface pairs on your policy page.
Should I be concerned if the Zone status when creating policy shows as down? I have a FG90D with the internal switch in hardware switch mode. When I create the zone and include my VLAN interfaces, then create my policy from/to that Zone, it shows as down. If it’s not to be worried about, no problem, I just don’t like seeing red/down. One of those OCD things. Thanks for your site and your videos. I’ve learned quite a bit!
They do that from time to time. I have a few zones on a couple of my clients that show as down when making policies even though the interfaces they have are up and operational. The policies work fine and I have witnessed no ill effects outside of OCD exhaustion!
I just saw your good video.
I have a question.
I have a problem with my VLAN access to internal. Is it necessary to create the VLAN in interface mode, since I created the VLAN on the internal switch?
Your VLANs have to be created on a port (interface) on the Gate in some fashion. If you have just the internal switch you would create the vlan interface off of that and proceed accordingly.
Hi Mike, do you know if zones work now with FortiOS 5.6.3 and NGFW Policies?
I haven’t been able to push to 5.6.3. It is causing issues with VLANs on some of my devices.