Chapter 10 Install and System Administration for FortiOS 5.0 : VLANs : VLANs in transparent mode : VLANs and transparent mode : Create security policies
  
Create security policies
In transparent mode, the FortiGate unit performs antivirus and antispam scanning on each VLAN’s packets as they pass through the unit. You need security policies to permit packets to pass from the VLAN interface where they enter the unit to the VLAN interface where they exit the unit. If there are no security policies configured, no packets will be allowed to pass from one interface to another.
To add security policies for VLAN subinterfaces - web based manager
1. Go to Firewall Objects > Address > Addresses.
2. Select Create New to add firewall addresses that match the source and destination IP addresses of VLAN packets.
3. Go to Policy > Policy > Policy and select Create New.
4. Leave the Policy Type as Firewall and the Policy Subtype as Address.
5. From the Incoming Interface/Zone list, select the VLAN interface where packets enter the unit.
6. From the Outgoing Interface/Zone list, select the VLAN interface where packets exit the unit.
7. Select the Source and Destination Address names that you added in step 2.
8. Select OK.
To add security policies for VLAN subinterfaces - CLI
config firewall address
edit incoming_VLAN_address
set associated-interface <incoming_VLAN_interface>
set type ipmask
set subnet <IPv4_address_mask)
next
edit outgoing_VLAN_address
set associated-interface <outgoing_VLAN_interface>
set type ipmask
set subnet <IPv4_address_mask>
next
end
config firewall policy
edit <unused_policy_number>
set srcintf <incoming_VLAN_interface>
set srcaddr incoming_VLAN_address
set destintf <outgoing_VLAN_interface>
set destaddr outgoing_VLAN_address
set service <protocol_to_allow_on VLAN>
set action ACCEPT
next
end