Configure Two VLANs on the Same Interface

A network interface on a Firebox is a member of more than one VLAN when the switch that connects to that interface carries traffic from more than one VLAN. This example shows how to connect one switch that is configured for two different VLANs to a single interface on the Firebox.

This diagram shows the configuration for this example.

A diagram of the VLAN architecture described in this topic. The Firebox or XTM device is connected to a single switch, which is itself connected to two different VLANs: VLAN10 for Accounting, and VLAN20 for Sales.

In this example, computers on both VLANs connect to the same 802.1Q switch, and the switch connects to interface 3 on the Firebox.

Each device on these two VLANs must set the IP address of the default gateway to be the IP address configured for the VLAN. In this example:

  • Devices on VLAN10 must use 192.168.10.1 as their default gateway.
  • Devices on VLAN20 must use 192.168.20.1 as their default gateway.

Configure the VLAN Settings in Fireware Web UI

  1. Select Network > Interfaces.
  2. Select interface number 3.
  3. Click Edit.

Screenshot of the Interface Configuration - VLAN page.

  1. In the Interface Name (Alias) text box type vlan.
  2. From the Interface Type drop-down list, select VLAN.
  3. Click Save.
  1. Select Network > VLAN.
  2. Click Add.
  3. In the Name text box, type a name for the VLAN. For this example, type VLAN10.
  4. In the Description text box, type a description. For this example, type Accounting.
  5. In the VLAN ID text box, type the VLAN number configured for the VLAN on the switch. For this example, type 10.
  6. From the Security Zone drop-down list, select the security zone. For this example, select Trusted.
  7. In the IP Address text box, type the IP address to use for the Firebox on this VLAN. For this example, type 192.168.10.1/24.
  8. In the interface list, select the interface called vlan.
  9. From the Select Traffic drop-down list, select Tagged traffic.

Screenshot of the VLAN dialog box, with the settings completed for VLAN10.

  1. Click Save.
  2. Click Add to add the second VLAN.
  3. In the Name text box, type VLAN20.
  4. In the Description text box, type Sales.
  5. In the VLAN ID text box, type 20.
  6. From the Security Zone drop-down list, select Optional.
  7. In the IP Address text box, type the IP address to use for the Firebox on this VLAN. For this example, type 192.168.20.1/24.
  8. In the interface list, select the interface called vlan.
  9. From the Select Traffic drop-down list, select Tagged traffic.
  10. Click Save.
  11. Both VLANS now appear in the list, and are configured to use the defined VLAN interface.

Screenshot of the VLANs page, with both VLANs completed.

Configure the VLAN Settings in Policy Manager

  1. Select Network > Configuration.
  2. Select the VLAN tab.
  3. Click Add.
    The New VLAN Configuration dialog box appears.
  4. In the Name (Alias) text box, type a name for the VLAN. For this example, type VLAN10.
  5. In the Description text box, type a description. For this example, type Accounting.
  6. In the VLAN ID text box, type the VLAN number configured for the VLAN on the switch. For this example, type 10.
  7. From the Security Zone drop-down list, select the security zone. For this example, select Trusted.
  8. In the IP Address text box, type the IP address to use for the Firebox on this VLAN. For this example, type 192.168.10.1/24.
  9. (Optional) To configure the Firebox to act as a DHCP server for the computers on VLAN10:
    • Select Use DHCP Server.
    • To the right of the Address Pool list, click Add.
    • For this example, in the Starting address text box, type 192.168.10.10 and in the Ending address text box type 192.168.10.20.

The finished VLAN10 configuration for this example looks like:

Screenshot of the Network Configuration dialog box, VLAN tab, with a completed configuration for VLAN10.

  1. Click OK to add the new VLAN.
  2. Click Add to add the second VLAN.
  3. In the Name (Alias) text box, type VLAN20.
  4. In the Description text box, type Sales.
  5. In the VLAN ID text box, type 20.
  6. From the Security Zone drop-down list, select Optional.
  7. In the IP Address field, type the IP address to use for the Firebox on this VLAN. For this example, type 192.168.20.1/24.
  8. (Optional) To configure the Firebox to act as a DHCP server for the computers on VLAN20:
  • Select Use DHCP Server.
  • To the right of the Address Pool list, click Add.
  • For this example, in the Starting address text box, type 192.168.20.10 and in the Ending address text box type 192.168.20.20.

Screenshot of the Network Configuration dialog box, VLAN tab, with a completed configuration for VLAN20.

  1. Click OK to add the new VLAN.
    Both VLANs now appear in the VLAN tab of the Network Configuration dialog box.

Screenshot of the Network Configuration dialog box, VLAN tab, with both completed VLAN configurations.

  1. Click the Interfaces tab.
  2. Select Interface 3.
  3. Click Configure.

Screenshot of the Interface Settings dialog box.

  1. From the Interface Type drop-down list, select VLAN.
  2. Select the Send and receive tagged traffic for selected VLANs check box.
  3. Select the check boxes for VLAN10 and VLAN20.
  4. Click OK.

Related Topics

About Virtual Local Area Networks (VLANs)

Define a New VLAN

Assign Interfaces to a VLAN