Chapter 10 Install and System Administration for FortiOS 5.0 : VLANs : VLANs in NAT mode : Configuring security policies and routing : Configuring security policies
  
Configuring security policies
Security policies permit communication between the FortiGate unit’s network interfaces based on source and destination IP addresses. Interfaces that communicate with the VLAN interface need security policies to permit traffic to pass between them and the VLAN interface.
Each VLAN needs a security policy for each of the following connections the VLAN will be using:
from this VLAN to an external network
from an external network to this VLAN
from this VLAN to another VLAN in the same virtual domain on the FortiGate unit
from another VLAN to this VLAN in the same virtual domain on the FortiGate unit.
The packets on each VLAN are subject to antivirus scans and other UTM measures as they pass through the FortiGate unit.
See Also
VLAN ID rules
Configuring routing