Hi all,
I am trying to configure a completely new network for a factory buildout. All of the equipment is new, patched to the latest versions.
I need 5 VLANs, all with access to the internet via a Fortigate 60F firewall (1 Guest, 4 Production) - all listed below for reference. The 4 Production networks need to be able to intercommunicate as well, the Guest does not. VLAN 4040 was created by Unifi by defautl.
I can get access to the internet, but only on one network (VLAN 0), not all. I have followed the best practice instructions from Ubiquiti but have issues getting that to work as expected.
Per Ubiquiti’s configuration information, I am to use 10.255.253.1 as the Firewall address and set Static Routes to all of the subnets. I am connected to port 1 on the switch which is set to the default profile ALL. When I try to create a VLAN Switch with a TAG of 4040, i get the response that VLAN ID 4040 is invalid - Maximum value of 3000. I therefore set the port of the Ubiquiti switch to have 10.255.253.0 as its default network. This allows communication to the internet for anything on 10.255.253.0, but not from any other network.
I have created static routes on the firewall for all the production VLANs pointing back to 10.255.253.3.
10.255.253.0/24 - Tag 4040 - Inter-VLAN Route - Router IP address 10.255.253.3
10.10.100.0/24 - Tag 0 - Default VLAN - IP Address 10.10.100.1
10.10.110.0/24 - Tag 10 - User VLAN - IP Address 10.10.110.1
10.10.120.0/24 - Tag 20 - Security VLAN - IP Address 10.10.120.1
10.10.130.0/24 - Tag 30 - Shop VLAN - IP address 10.10.130.1
192.168.99.0/24 - Tag 99 - Guest Network
Any thoughts on how to fix this issue?
Thanks,
Jack