VLANs on single LAN interface

Question

Hello everybody and thank you for your support 
 I'm deploing a new couple of XG Firewals instead of two old UTM9 but i've found many problems on VLAN configuration. 
 This is my actual UTM9 configuration: 
 As you can see i've the ETH1 configured with 3 Vlans and everything works fine.

On the XG i'm trying to replicate my configuration creating 3 vlans on eth8 
 My first question is: why do i have to configure an ip on the physical ifc if i'm configuring vlans on that interface? 
 And why the only working vlan is the one on the same subnet of the physical interface?

If i connect something on 172.16.100.X subnet everything works fine, but on 172.16.90.X don't work. 
 The only firewall rule i've created is from (zone) LAN (host) VLAN100 network; VLAN90 network ---> WAN 
 My network topology is very easy, just 2 FW and 2 managed switch. 
 On the switches the port connected to the XG is configured in trunk mode.

I have to use only one cable between XG and Switches as is 
 The XG version is SFOS 17.0.6 MR-6

LuCar Toni · Answer

You will get use to it, if you know the small hints. 
 There are couple of "tweaks" in UTM, you have to know. But this will lead into off topic.

rfcat_vk · Answer

Hi, 
 you must have an IP address on the physical and a seperate IP address range for the VLAN. VLANs on XG are L3 while on the UTM are L2. 
 Ian