Your question is vague to me but I will tell you that I have found that when running multiple VLANs through a trunk on the Fortigates in TP Mode you have to create a VDOM for each VLAN. Otherwise the sessions get jacked somehow. Somehow the session tables will see traffic from 1 VLAN going through and coming back on another which will screw the session tables up unless you VDOM the VLANS off.
Suppose that I have 100 VLANs in that trunk, I need to create 100 VDOMs, one for each? Seems a little bit funny and not real. There must be a way to deploy the FGT in the middle of the trunk in TP mode...
Hello, try to create a pair of VLAN interfaces for each VLAN ID, for example:

    vlan99-wan1      vlan id=99  physical interface=wan1
    vlan99-internal  vlan id=99  physical interface=internal

Firewall policy: vlan99-wan1 > vlan99-internal and vice versa, and so on with the other VLAN IDs. If it's not working, then you should use per-vlan-vdom or forward-domain per VLAN interface.

Regards, Fadhil
Rather than building VDOMs for each pair, you can simply put each VLAN pair into an "L2 forwarding domain":

    # conf sys inter
        edit vlan_p1_100
            set fwdomain 123
        next
        edit vlan_p2_100
            set fwdomain 123
        next
        edit vlan_p1_200
            set fwdomain 987
        next
        edit vlan_p2_200
            set fwdomain 987
        next
    end

Check the CLI Ref guide for "set fwdomain". Broadcasts (like ARP) are only forwarded within one fwdomain (or vdom).

-R.
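
An added example, not part of any post in this thread and not Fortinet code: a small Python check over a pasted interface configuration that flags VLAN interfaces with no forwarding domain set, and forwarding domains shared by more than one VLAN ID. The sample configuration and its `set vlanid` lines are constructed for illustration; `fwdomain` is the keyword used in the post above, and `forward-domain` is accepted as the spelling used earlier in the thread.

```python
from collections import defaultdict

# Constructed sample: vlan_p1_200 reuses domain 123, vlan_p2_200 has none set.
SAMPLE = """\
config system interface
    edit vlan_p1_100
        set vlanid 100
        set fwdomain 123
    next
    edit vlan_p2_100
        set vlanid 100
        set fwdomain 123
    next
    edit vlan_p1_200
        set vlanid 200
        set fwdomain 123
    next
    edit vlan_p2_200
        set vlanid 200
    next
end
"""

def parse_interfaces(text):
    """Return {interface name: {setting: value}} for each 'edit' block."""
    ifaces, cur = {}, None
    for raw in text.splitlines():
        tok = raw.split()
        if len(tok) == 2 and tok[0] == "edit":
            cur = ifaces.setdefault(tok[1].strip('"'), {})
        elif tok[:1] == ["next"]:
            cur = None
        elif len(tok) >= 3 and tok[0] == "set" and cur is not None:
            cur[tok[1]] = tok[2].strip('"')
    return ifaces

def audit(text):
    """List VLAN interfaces without a domain and domains spanning several VLAN IDs."""
    domains, findings = defaultdict(set), []
    for name, cfg in sorted(parse_interfaces(text).items()):
        if "vlanid" not in cfg:
            continue  # physical interface, not part of this check
        fd = cfg.get("fwdomain", cfg.get("forward-domain"))
        if fd is None:
            findings.append(f"{name}: VLAN {cfg['vlanid']} has no forwarding domain set")
        else:
            domains[fd].add(cfg["vlanid"])
    for fd, vlans in sorted(domains.items()):
        if len(vlans) > 1:
            findings.append(f"fwdomain {fd} is shared by VLANs {', '.join(sorted(vlans, key=int))}")
    return findings
```

A shared domain is reported for review rather than treated as an error, since it can be deliberate where VLAN IDs are being remapped.
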
What Fortinet recommends when you have a lot of VLANs is just what red.adair said: put each VLAN in a separate L2 forwarding domain.
http://docs.fortinet.com/fgt/techdocs/fortigate-vlans-vdoms.pdf Page 195
d!rk's pointer is this (it's an old article):
"Avoiding ARP problems with VLANs in Transparent mode"
http://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=10791

And this looks like your solution on a silver platter:
"Technical Note : Configuring a FortiGate in Transparent mode with trunks (802.1q - VLANs) and forwarding domains"
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30083

supplemented by
"Technical Tip: Configuring a FortiGate in Transparent mode to forward traffic on VLANs and remapping VlanID using forwarding domains"
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD32877