Please refer the link for configuration of subinterface or router on stick configuration on fortigate firewall
If your using fortigate firewall as core or perimeter devices and Cisco SG300 as distribution switch in your setup then you can accomplish this task by creating sub interface on fortigate firewall
Configure SG300 switch to Fortigate firewall with trunk link allowing all vlans
And configuration public ip of isp on outside interface of fortigate and configure default route in fortinet firewall pointing towards isp gateway
And now in SG300 switch create all vlans which were created in fortigate subinterface . Now create access ports in SG300 switch for desktops ,and server connetivity.
Then after create outbound policy in perimeter firewall for internet access
source interface : Lan destination interface : Outside facing interface source address : LAN POOL NETWORK Destination address : ANY servies: ports allowed as per your requirements action : ALLOWED Security profiles: ON
Then create inbound policy in firewall if your are having application hosted in your local lan and wants to access from internet
Creaat VIP object as Publi ip mapping with " Object name " WEB SERVER = Publicip mapped with application hosted private ip
inbound policy
source interface : outside interface destination interface : LAN SOURCE ADDRESS : any destination address : WEB SERVER /*As per vip created above */ services : as per application requirement mostly "https" security profiles : on action : allowed
Create implicit deny policy at bottom \ *this policy is used to deny non matching traffic and to monitoring unwanted traffic on firewall
Source interface : any destination interface :ANY Source address : any destination address : any services ports : any action : deny