avilt
New Member
February 16, 2018
Question

Access among Bridge Ports


I have a Fortigate 200D appliance.

When I put many interfaces in a bridge, does it act like a normal L2 switch? How does the access policy among bridge interfaces work? Is there unrestricted access among bridge members like a L2 switch?



    ede_pfau
    SuperUser
    February 17, 2018

    Hi,

    1. Yes.

    2. You cannot control traffic between switch ports.

    3. Yes.


    In short, it's just an L2 switch. In some (higher) models a hardware switch chip is used; the smallest models use a software switch. In this case the data handling is different, but policing is not affected.

    avilt (Author)
    New Member
    February 17, 2018

    Thank you. How do I find out from the spec whether filtering within a bridge is supported or not?

    ede_pfau
    SuperUser
    February 17, 2018

    Good question. As far as I know there is no direct mention of this in the Handbook.

    Maybe you can deduce it from this reasoning:

    Policies control traffic between logical ports. A physical port is at the same time a logical port, a VLAN is a logical port, an IPsec VPN phase1 is a logical port, but a switch is only one logical port consisting of one or several physical ports. Members of port aggregations (like LACP trunks, switches, zones) cannot be addressed individually. Thus a policy between member ports of an aggregation is not possible.
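The reasoning above, shown as an added FortiOS CLI configuration example (illustrative, not from this thread or from Fortinet documentation); the VDOM name "root", the member ports port3/port4, the switch name "lan_sw", the WAN interface "wan1" and the address 192.168.10.1/24 are assumed values:

```text
# Added illustrative example, assumed names and addresses.
# 1. Build a software switch from two physical ports. Members must carry no
#    address and must not be referenced by any policy before they are added.
config system switch-interface
    edit "lan_sw"
        set vdom "root"
        set type switch
        set member "port3" "port4"
    next
end

# 2. The switch itself is the single logical interface; it carries the IP.
config system interface
    edit "lan_sw"
        set ip 192.168.10.1 255.255.255.0
        set allowaccess ping
    next
end

# 3. Policies reference the switch as one logical port. A policy with
#    srcintf "port3" and dstintf "port4" cannot be created, because the
#    member ports are no longer individual logical interfaces; traffic between
#    them is switched at L2 without passing through the policy engine.
config firewall policy
    edit 0
        set name "lan_sw-to-wan"
        set srcintf "lan_sw"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

Hosts that must be filtered from one another therefore belong on separate logical interfaces (separate physical ports or VLANs) rather than in the same switch.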