On the switch there are 2 vlan 10 and 20 and both are connected to firewall port3 with vlan 10 and 20 , then how I can put single default ip as a gateway for both vlan.

I want to separate vlan traffic over the switch and firewall as well 

PC1 IP 20.0.10.1 gateway 20.0.10.6 SW1 Vlan10 20.0.10.6 firewall(port3) Vlan10 20.0.10.5

PC2 IP 20.0.20.2 gateway 20.0.20.6 SW1 Vlan20 20.0.20.6 firewall(port3) 20.0.20.5

How I can separate the vlan traffic?

@rdquraishi 

Configure Gateways on PCs with respective IP hosted by L3 equipement, i.e. the FW in your case

I have configure interface vlan 10 and 20 which are the gateway for pc, when pining 8.8.8.8 from the pc traffic is getting droped on gateway 

Hello,

what routing do you have configured on the switch and on the firewall ? Post the running configs of the switch and the firewall...

Hello,

post the output of 'sh run' so the entire configuration is visible.

FG-LAN-SW1#terminal length 0
FG-LAN-SW1#show running-config
Building configuration...

Current configuration : 1058 bytes
!
! Last configuration change at 14:30:23 UTC Mon Feb 19 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname FG-LAN-SW1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Ethernet0/1
switchport access vlan 10
switchport mode access
!
interface Ethernet0/2
switchport access vlan 20
switchport mode access
!
interface Ethernet0/3
!
interface Vlan10
ip address 20.0.10.6 255.255.255.0
!
interface Vlan20
ip address 20.0.20.6 255.255.255.0
!
ip forward-protocol nd
!
ip http server
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
!
!
!
end

FG-LAN-SW1#show interfaces trunk

Port Mode Encapsulation Status Native vlan
Et0/0 on 802.1q trunking 1

Port Vlans allowed on trunk
Et0/0 1-4094

Port Vlans allowed and active in management domain
Et0/0 1,10,20

Port Vlans in spanning tree forwarding state and not pruned
Et0/0 1,10,20
FG-LAN-SW1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

20.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 20.0.10.0/24 is directly connected, Vlan10
L 20.0.10.6/32 is directly connected, Vlan10
C 20.0.20.0/24 is directly connected, Vlan20
L 20.0.20.6/32 is directly connected, Vlan20
FG-LAN-SW1#

if i put default gateway 10.5 and 20.5 on pc that works, but i dont want to use firewall as gateway i have to put switch as gateway, what would be possible solution on this case

Ok np. In that case I would suggest creating a transit network between the switch and the firewall, say VLAN 30, and then you configure the switch port connected to the firewall in VLAN 30 in access mode, and finally you configure a default route on the switch pointing to the firewall as the default gateway "ip route 0.0.0.0 0.0.0.0 < the firewall interface in VLAN 30 >".

In that scenario the inter-VLAN routing will be managed by the switch, and only the traffic that will need to go out will hit the firewall.