VLANs are designed to separate traffic. A router can connect the two networks, or a layer 3 switch could be configured to connect the networks. You could also create multiple LIFs on the SVM, one for each VLAN.
We have a firewall policy set up at the layer 3 level to allow all traffic from the 10.10.20 subnet to the 10.10.25 subnet, but when I try to mount a LIF with a 10.10.25 IP from my workstation it won't connect. Everything is working correctly when trying to mount within the workstation subnet.
That was their desire, to be able to log information about who/what was being accessed. My main concern was the firewall slowing things down a bit, but then when I tried to connect to the SVM from a LIF on a different VLAN it wouldn't let me access it through that LIF. That's why I am trying to figure out if/how to make that happen. As I said, the company firewall policy is wide open from 10.10.20 to 10.10.25, so I would think that the NetApp is blocking that traffic somehow.
Also, if you wish to monitor, FPolicy will do just that. Just throwing it out there. It may work better because it doesn't have to perform any in-flight packet inspection but just logs exactly what is being accessed and when.