Virtual LANs are isolated broadcast domains within a network.
VLANs tag packets to make traffic appear to be on the network, but they handle the traffic as though it were on a separate network. You can implement VLAN technology between the firewall and 802.1Q–compliant switches and routers.
You can create VLANs on physical interfaces, such as ports (for example, Port1, PortA, eth0), on RED interfaces, or on virtual interfaces, such as bridge or LAG.
For distributed VLANs, you can assign them across multiple switches. Communication within a VLAN happens through the switch, while communication across different VLANs requires a layer 3 device, such as a router, a layer 3 switch, or a firewall.
The firewall recognizes VLAN IDs, allowing you to apply firewall rules specific to each VLAN, including authentication and other relevant policies. You can also apply firewall rules to secure the network between broadcast domains.