USG5360 firewall works in transparent mode, firewall upstream connect with router, downstream connect with switch, setup subinterface on router as gateway of PC which connect with downstream switch, setup VLAN2 on firewall, the mode of port is trunk. Network disconnected when add firewall into network.
Change the VLAN ID of firewall to 20, problem solved, network connected.
Doubting the configuration of upstream and downstream port on firewall is wrong firstly, but it confirmed to be trunk after review. Then contrast the configuration of switch and firewall, finding out that VLAN ID on switch and subinterface of router are all 20, but VLAN ID configured on firewall is 2.
Firewall detected that the VLAN ID is 20 which data packet send by switch brings, but VLAN ID of local firewall is 2, the two IDs don’t match, so, firewall will drop data packet of VLAN 20 send by switch.