[Wylug-help] [OT maybe?] 3COM VLAN / Fortigate problems

[Jim Jackson]

James,

On Mon, 14 Aug 2006, James Gregory wrote:
> At Greenhead College, we are currently having some problems with VLANs
> and our Fortigate firewall. We have three VLANs, 1 is academic, 2 is
> admin and 3 is DMZ. Unfortunately, our Fortigate firewall only has
> three ports - external, internal and DMZ - so we were hoping to trunk
> (I think that is the correct term) VLANs 1 and 2 into the internal
> port of the Fortigate. The Fortigate is correctly set up to identify
> the two VLANs and split them accordingly.
>
> Before summer, we had just the academic VLAN trunking down to
> Fortigate (there were no admin computers connected to the 3COM switch)
> and this system seemed to work fine. However, as soon as we attempt to
> connect the admin network to the 3COM switch,

are you sure the 3Com switch supports VLANs? I'm assuming you are really
talking about 802.1q?

Jim

> all internet
> connectivity fails and we are unable to connect to the Fortigate
> firewall or any internet/DMZ computers. Even computers on the academic
> network that are set up to see the Fortigate gateway fail to see it.
>
> I attached a hub to the trunk connection (from the 3COM to the
> Fortigate) and ran Ethereal on my laptop. The results showed a large
> number of ARP packets (mainly the Fortigate trying to find other hosts
> on the network - even hosts that it should have already known about!)
> but no TCP packets at all. Once we removed one of the networks (either
> academic or admin), then the TCP packets would be restored (albeit
> after a short delay).
>
> Any suggestions or solutions on how to remedy this would be most
> welcome as we have no idea how to fix this.
>
> Thanks in advance,
> --
> James Gregory
> e: jgxenite at gmail.com
> w: http://james.fuji.greenhead.ac.uk/
>
> _______________________________________________
> Wylug-help mailing list
> Wylug-help at wylug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/wylug-help
>