Hi, the correct answer is C&D. Why not A? Because by default different VLANs belong to the same broadcast domain unless you configure these VLANs in different VDOMs.
I disagree. First of all, broadcast = IP address | (! mask), so there will be different broadcast addresses: 10.200.5.255 (port1-VLAN1) and 10.0.5.255 (port2-VLAN1). The second thing is that if we have a separate network, we need to create a firewall policy to allow traffic.
Hello Team,
Something that confuses me about D is that, as far as I understand, when we are talking about VLANs, when it is the same VLAN ID it should not pass through the packet flow, and only in the following scenarios will you need a security policy:
Each VLAN needs a security policy for each of the following connections the VLAN will be using:
From this VLAN to an external network
From an external network to this VLAN
From this VLAN to another VLAN in the same virtual domain on the FortiGate
From another VLAN to this VLAN in the same virtual domain on the FortiGate
Please see https://docs.fortinet.com/document/fortigate/6.0.0/handbook/871185/vlans-in-nat-mode
Do you have any experience setting up a lab or documentation that states D is incorrect?
Thank you for your comments.