Network configuration

Virtual domains in Transparent mode

Figure 32: FortiGate unit containing a virtual domain with zones

[Figure labels: VLAN Switch or router, VLAN trunk, FortiGate unit, Internal, External, Virtual Domain, zone1, zone2, VLAN1, VLAN2, VLAN3, Internet]

Multiple zones in a single virtual domain cannot be connected to a single VLAN trunk. This configuration is correct because each zone is connected to a different VLAN trunk (zone1 is connected to the VLAN trunk on the internal interface and zone2 is connected to the VLAN trunk on the external interface). If you added another zone (for example, zone3 connected to the VLAN trunk on the internal interface), the FortiGate unit could not differentiate between traffic for zone1 and traffic for zone3, because both zone1 and zone3 traffic would be routed to the same MAC address.
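The trunk rule above can be checked against an inventory of VLAN subinterfaces before a zone change is made. This is an added example, not from the Fortinet guide; the record fields (`name`, `vdom`, `trunk`, `zone`), the virtual domain name `vd1` and the sample data are constructed assumptions, not a FortiGate export format.

```python
from collections import defaultdict

# Constructed inventory mirroring Figure 32 (hypothetical record layout):
# "trunk" is the physical interface that carries the subinterface's VLAN trunk.
SUBINTERFACES = [
    {"name": "int_vlan1", "vdom": "vd1", "trunk": "internal", "zone": "zone1"},
    {"name": "int_vlan2", "vdom": "vd1", "trunk": "internal", "zone": "zone1"},
    {"name": "int_vlan3", "vdom": "vd1", "trunk": "internal", "zone": None},
    {"name": "ext_vlan1", "vdom": "vd1", "trunk": "external", "zone": "zone2"},
    {"name": "ext_vlan2", "vdom": "vd1", "trunk": "external", "zone": "zone2"},
    {"name": "ext_vlan3", "vdom": "vd1", "trunk": "external", "zone": None},
]


def find_trunk_conflicts(subinterfaces):
    """Map (vdom, trunk) -> zones for each trunk shared by 2+ zones of one vdom."""
    zones_on_trunk = defaultdict(set)
    for sub in subinterfaces:
        if sub["zone"] is not None:  # unzoned subinterfaces cannot conflict
            zones_on_trunk[(sub["vdom"], sub["trunk"])].add(sub["zone"])
    return {k: sorted(z) for k, z in zones_on_trunk.items() if len(z) > 1}


def conflicts_after_assignment(subinterfaces, name, zone):
    """Pre-change check: conflicts that would exist if `name` joined `zone`."""
    if not any(s["name"] == name for s in subinterfaces):
        raise KeyError(f"unknown VLAN subinterface: {name}")
    proposed = [dict(s, zone=zone) if s["name"] == name else s
                for s in subinterfaces]
    return find_trunk_conflicts(proposed)


if __name__ == "__main__":
    # Current layout: one zone per trunk, so no conflicts are reported.
    print(find_trunk_conflicts(SUBINTERFACES))
    # Proposed zone3 on the internal trunk collides with zone1.
    print(conflicts_after_assignment(SUBINTERFACES, "int_vlan3", "zone3"))
```

An empty result means every VLAN trunk carries at most one zone per virtual domain; zones of different virtual domains on the same trunk are not flagged, since the rule applies within a single virtual domain.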

To add a zone to a virtual domain

1. Go to System > Network > Zone.

2. Select New to add a zone.

3. Type a Name for the zone.

4. Select the Virtual Domain to add the zone to.

5. Optionally select Block intra-zone traffic to block traffic between VLAN subinterfaces in the same zone.

6. Select OK to add the zone.

To add VLAN subinterfaces to a zone

1. Go to System > Network > VLAN.

2. Set Virtual Domain to All or to the virtual domain containing the VLAN subinterfaces to add to a zone.

3. Select List to list all of the VLAN subinterfaces added to the FortiGate unit or to the selected virtual domain.

4. For a VLAN subinterface to add to a zone, select Modify.

5. From the zone list, select the name of the zone to add the VLAN subinterface to.

6. Select OK to save your changes.

You can also use the procedure “Adding VLAN subinterfaces” on page 147 to add a VLAN subinterface to a zone if you are adding new VLAN subinterfaces to a virtual domain to which you have already added zones.

FortiGate-800 Installation and Configuration Guide

151
