VLANs allow you to split one physical network interface into several virtual LANs. The physical interface behaves like several interfaces, and the switch behaves like multiple switches. VLANs allow for layer 2 separation whenever layer 1 separation is not possible. The firewall can use up to 256 VLANs on one physical network interface and a maximum of 4094 VLANs globally. The VLAN interfaces are named physical interface.VLAN id
(e.g., eth2.200
). Only tagged traffic is handled by the firewall; untagged traffic sent directly to the physical interface is discarded. You must use a properly configured 802.1q VLAN-capable switch and NICs that use drivers capable of tagging VLAN traffic.
Step 1. Add Two VLAN Interfaces
- Go to NETWORK > IP Configuration.
-
In the Virtual Interface Configuration section, add the first entry for the VLAN:
VLAN Name – Enter the name for the VLAN.
Host Interface – Select the hardware interface.
VLAN ID – Enter the VLAN ID for differentiating between multiple VLANs.
-
Click Add.
-
In the Virtual Interface Configuration section, add the second entry for the VLAN.
VLAN Name – Enter the name for the VLAN.
Host Interface – Select the hardware interface.
VLAN ID – Enter the VLAN ID for differentiating between multiple VLANs.
Click Add.
Step 3. Perform a Network Activation
After you create or change basic network configurations such as routing, you must activate your new network configurations.
- Scroll to the top of the page.
- Click on the link inside of the warning message to execute the new network configuration.
Step 4. Create a Static Network Interface for the First VLAN
- Go to NEWORK > IP Configuration.
- In the Static Interface Configuration section, click Add Static Network Interface. The Add Static Interface window opens.
- From the Network Interface list, select the first VLAN port, e.g,
eth2.100
. - Enter a Name for the first VLAN network interface, e.g.,
vlanprv1
. - Enter the static WAN IP address, e.g.,
10.0.20.1
. - Enter the Netmask of the interface, e.g.,
255.255.255.0
. - From Services to Allow, select Ping to allow the interface to respond to ping packets.
- From the Classification list, select Trusted.
- Click Save.
Step 5. Create a Static Network Interface for the Second VLAN
- Go to NEWORK > IP Configuration.
- In the Static Interface Configuration section, click Add Static Network Interface. The Add Static Interface window opens.
- From the Network Interface list, select the first VLAN port, e.g.,
eth2.200
. - Enter a Name for the first VLAN network interface, e.g.,
vlanprv2
. - Enter the static WAN IP address, e.g.,
10.0.21.1
. - Enter the Netmask of the interface, e.g.,
255.255.255.0
. - From Services to Allow, select Ping to allow the interface to respond to ping packets.
- From the Classification list, select Trusted.
- Click Save.
Step 6. Perform a Network Activation
After you create or change basic network configurations such as routing, you must activate your new network configurations.
- Scroll to the top of the page.
- Click on the link inside of the warning message to execute the new network configuration.
Step 7. Verify the New Configuration
There are two places to verify that the two VLAN interfaces have been configured as expected:
Go to NETWORK > IP Configuration. If no errors occurred during the configuration, you can see the two VLAN interfaces both in the Network Interface Configuration and Static Interface Configuration tables.
Go to NETWORK > Routing. If no errors occurred during the configuration, you can see the two VLAN interfaces in both the Network Routes and the Network Interfaces tables.