Chapter 10 Install and System Administration for FortiOS 5.0 : VLANs : Example VLAN configuration in NAT mode : Configure the FortiGate unit : Add the firewall addresses
  
Add the firewall addresses
You need to define the addresses of the VLAN subnets for use in security policies. The FortiGate unit provides one default address, “all”, that you can use when a security policy applies to all addresses as a source or destination of a packet. However, using “all” is less secure and should be avoided when possible.
In this example, the “_Net” part of the address name indicates a range of addresses instead of a unique address. When choosing firewall address names, use informative and unique names.
To add the firewall addresses - web-based manager
1. Go to Firewall Objects > Address > Addresses.
2. Select Create New.
3. Enter the following information and select OK:
Name
VLAN_100_Net
Type
Subnet
Subnet / IP Range
10.1.1.0/255.255.255.0
4. Select Create New.
5. Enter the following information and select OK:
Name
VLAN_200_Net
Type
Subnet
Subnet / IP Range
10.1.2.0/255.255.255.0
To add the firewall addresses - CLI
config firewall address
edit VLAN_100_Net
set type ipmask
set subnet 10.1.1.0 255.255.255.0
next
edit VLAN_200_Net
set type ipmask
set subnet 10.1.2.0 255.255.255.0
end
See Also
Configure the FortiGate unit
Configure the external interface
Add VLAN subinterfaces
Add the security policies