Layer 2 ports on Fortigate firewall

Forum|Forum|6 years ago
July 7, 2019
1 reply
20868 views

Hi everyone.

I am new to Fortigate firewall, coming from Juniper SRX back ground.

This is what I am trying to accomplish:

End hosts--SW--trunk----Port2-Fortigate FW

Port 2 should be layer 2 trunk port, accept tagged traffic for vlan 20

Vlan 20 should be defined and have IP 2.2.2.2/24

How do I proceed?

Additional info:

Platform: VM (Fortigate-VM64, version v6.2.0 ,build 0866)

Thanks and have a nice weekend!!

Dataset

Best answer by hubertzw

Hi Add vlan20 interface as part of port2 and assign IP. You will have ability to add more vlans in the future

hubertzwAnswer

New Member

Hi Add vlan20 interface as part of port2 and assign IP. You will have ability to add more vlans in the future

zeeAuthor

New Member

Thanks for your response.

Just to be clear about the tagging logic on Fortigate firewall.

1) On other vendors, we have to specifically tell the FW treat the port as tagged port.

2) On Fortigate FW, there is no such setting, rather the presence of multiple vlans on a single port, tells the FW to use tagging i.e no we do not need to tell FW to use tag via some specific config, just put vlans on a port will do the trick.

Have a good weekend!!

Leen

New Member

Every Fortigate VLAN interface is seen as a physical interface and does need

- firewall routing

- firewall policies

You can combine interfaces into a zone (depending which Forti OS version you have). This will limit the number of policies you need to manage.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded