[Wylug-help] [OT maybe?] 3COM VLAN / Fortigate problems

James Gregory jgregory at greenhead.ac.uk
Mon Aug 14 12:05:30 BST 2006


Hi all,

This is my first post to WYLUG so I hope I don't offend anyone if I'm
not using the "mailing list etiquette". It may also be off topic -
sorry if it is.

At Greenhead College, we are currently having some problems with VLANs
and our Fortigate firewall. We have three VLANs, 1 is academic, 2 is
admin and 3 is DMZ. Unfortunately, our Fortigate firewall only has
three ports - external, internal and DMZ - so we were hoping to trunk
(I think that is the correct term) VLANs 1 and 2 into the internal
port of the Fortigate. The Fortigate is correctly set up to identify
the two VLANs and split them accordingly.

Before summer, we had just the academic VLAN trunking down to
Fortigate (there were no admin computers connected to the 3COM switch)
and this system seemed to work fine. However, as soon as we attempt to
connect the admin network to the 3COM switch, all internet
connectivity fails and we are unable to connect to the Fortigate
firewall or any internet/DMZ computers. Even computers on the academic
network that are set up to see the Fortigate gateway fail to see it.

I attached a hub to the trunk connection (from the 3COM to the
Fortigate) and ran Ethereal on my laptop. The results showed a large
number of ARP packets (mainly the Fortigate trying to find other hosts
on the network - even hosts that it should have already known about!)
but no TCP packets at all. Once we removed one of the networks (either
academic or admin), then the TCP packets would be restored (albeit
after a short delay).

Any suggestions or solutions on how to remedy this would be most
welcome as we have no idea how to fix this.

Thanks in advance,
-- 
James Gregory
e: jgxenite at gmail.com
w: http://james.fuji.greenhead.ac.uk/
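As an added illustration of the check described in the post (capturing on the trunk link and comparing what ARP and TCP traffic is present), here is a small 802.1Q-aware frame classifier. It is example code, not part of the original message or of any 3COM/Fortigate tooling; the frames it processes are constructed in the script, and the MAC and IP addresses in them are made-up sample values. Given raw Ethernet frames from a capture, it records which VLAN tag (if any) each frame carries and whether it is ARP or TCP, so a per-VLAN summary shows at a glance whether both VLANs are actually arriving tagged on the trunk and whether the link is carrying only ARP.

```python
import struct
from collections import Counter

ETH_P_8021Q = 0x8100   # 802.1Q VLAN tag
ETH_P_ARP = 0x0806
ETH_P_IPV4 = 0x0800
IPPROTO_TCP = 6


def parse_frame(frame: bytes):
    """Classify one raw Ethernet frame.

    Returns (vlan_id, label): vlan_id is None for untagged frames;
    label is 'ARP', 'TCP', 'IPv4-other' or 'other'.
    """
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    vlan_id = None
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF          # low 12 bits of the TCI are the VLAN id
        offset = 18
    if ethertype == ETH_P_ARP:
        return vlan_id, "ARP"
    if ethertype == ETH_P_IPV4:
        if len(frame) < offset + 10:
            raise ValueError("truncated IPv4 header")
        proto = frame[offset + 9]       # IPv4 protocol field is byte 9 of the header
        return vlan_id, "TCP" if proto == IPPROTO_TCP else "IPv4-other"
    return vlan_id, "other"


def summarize(frames):
    """Count frames by (vlan_id, label)."""
    counts = Counter()
    for frame in frames:
        counts[parse_frame(frame)] += 1
    return counts


def report(counts):
    """Reduce the per-VLAN counts to the facts worth eyeballing on a trunk capture."""
    vlans = sorted({v for (v, _) in counts if v is not None})
    untagged = sum(n for (v, _), n in counts.items() if v is None)
    arp = sum(n for (_, p), n in counts.items() if p == "ARP")
    tcp = sum(n for (_, p), n in counts.items() if p == "TCP")
    return {"vlans": vlans, "untagged": untagged, "arp": arp,
            "tcp": tcp, "arp_only": arp > 0 and tcp == 0}


def build_frame(vlan_id, kind):
    """Construct a minimal sample frame (test data only; addresses are made up)."""
    src = b"\x00\x04\x76\x00\x00\x02"
    dst = b"\xff" * 6 if kind == "ARP" else b"\x00\x09\x0f\x00\x00\x01"
    hdr = dst + src
    if vlan_id is not None:
        hdr += struct.pack("!HH", ETH_P_8021Q, vlan_id & 0x0FFF)
    if kind == "ARP":
        # ARP request: who-has 10.0.1.2 tell 10.0.1.1
        body = (struct.pack("!HHBBH", 1, ETH_P_IPV4, 6, 4, 1) + src
                + b"\x0a\x00\x01\x01" + b"\x00" * 6 + b"\x0a\x00\x01\x02")
        return hdr + struct.pack("!H", ETH_P_ARP) + body
    # Minimal IPv4 header (20 bytes, protocol=TCP) plus a zeroed 20-byte TCP header
    ip = (bytes([0x45, 0x00]) + struct.pack("!H", 40) + b"\x00\x00\x40\x00"
          + bytes([64, IPPROTO_TCP]) + b"\x00\x00"
          + b"\x0a\x00\x01\x02" + b"\x0a\x00\x01\x01")
    return hdr + struct.pack("!H", ETH_P_IPV4) + ip + b"\x00" * 20


def sample_capture():
    """Constructed capture: ARP on VLANs 1 and 2, one TCP frame on VLAN 1, one untagged ARP."""
    return ([build_frame(1, "ARP")] * 2 + [build_frame(2, "ARP")] * 3
            + [build_frame(1, "TCP")] + [build_frame(None, "ARP")])


if __name__ == "__main__":
    counts = summarize(sample_capture())
    for (vlan, label), n in sorted(counts.items(), key=lambda kv: (kv[0][0] or 0, kv[0][1])):
        print(f"vlan={vlan!s:>4}  {label:<10} {n}")
    print(report(counts))
```

With a real capture, feed the raw frames in (for example from a pcap reader) instead of `sample_capture()`. Note that a hub placed in-line between switch and firewall will also show you whether the frames on that wire are tagged at all: a capture whose frames all come up as `vlan=None` means the tags are not reaching the capture point, which is a different problem from two tagged VLANs that simply are not being routed.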
