Itaid
New Member
December 23, 2024
Question

Vlan and Trunk

  • December 23, 2024
  • 2 replies
  • 2070 views

[attached image: vlan.jpg]

Best way to configure a Fortinet 60F as per the given topology. In this topology, LAN5 to LAN7 are each connected to L2 manageable switches. All client devices are connected through these L2 switches. What will be the best possible configuration?

2 replies

ebilcari
Staff
December 23, 2024

This will depend: are these FortiSwitches, do you need to span the same VLANs through all the switches, and is there any throughput requirement for horizontal traffic?

Emirjon
Itaid (Author)
New Member
December 23, 2024

No, these are not FortiSwitches; they may be any other switches from different vendors such as Cisco, Ruijie, etc. I need all VLANs through all switches, and there is no throughput requirement.

ebilcari
Staff
Staff
December 23, 2024

The easiest way could be creating a hardware switch with these 4 interfaces and creating VLANs on top of it, like this:

[attached image: vlan-ex.PNG]

Emirjon
Toshi_Esumi
SuperUser
December 23, 2024

By the way, the 60F doesn't have LAN6-8. It has LAN ports 1-5, a/b FortiLink ports, and a DMZ port. So you have to utilize a/b and DMZ as LAN6-8 if LAN1-5 are pre-occupied.
All of them are under the same switching fabric, so you can bind them into a hardware switch (or VLAN switch by default) once you remove a and b from FortiLink.
https://docs.fortinet.com/document/fortigate/7.6.1/hardware-acceleration/758378/fortigate-60f-and-61f-fast-path-architecture

Toshi

Itaid (Author)
New Member
December 24, 2024

Yes indeed, ports 1-5 are free and not occupied. So we can use 1-5 instead of 6-8. Can you please elaborate with an example or configuration of using VLAN switch?

Toshi_Esumi
SuperUser
December 24, 2024

In your situation, you don't have to/can't utilize the VLAN switch specific features (native VLAN and trunk port, almost no practical use cases); it's the same as a hard-switch. The only thing you need to be aware of is that you cannot use VLAN 1 (reserved) on the FGT. Instead you need to utilize the parent/non-tagged interface, which is by default "internal" for LAN ports 1-5. All VLAN tagged sub-interfaces you create on the internal interface would be spanned to all those member ports 1-5, just like regular trunk ports on the switches.
So once you have created those VLANs 10 to 60 on internal (with the management IP), you can hook up each trunk port on those switches to any port in 1-5.

Toshi
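The following FortiOS CLI fragment is an added example of the setup Toshi describes (the default "internal" hardware switch over LAN1-5 with tagged sub-interfaces); it is not from any poster in this thread. It assumes FortiOS 7.x syntax on a 60F, VDOM "root", and made-up addresses; only VLAN 10 and 20 are shown, the rest up to 60 follow the same pattern.

```fortios
# Added example (not from the thread). Assumes FortiOS 7.x on a FortiGate 60F,
# VDOM "root"; IP addresses are constructed. If a/b are to be members too,
# they must first be removed from the "fortilink" interface.

# 1) Hardware switch "internal" spanning LAN ports 1-5 (this is the factory
#    default on the 60F; shown so the membership is explicit). Frames between
#    member ports are switched in the fabric, the FGT sees one L3 interface.
config system virtual-switch
    edit "internal"
        set physical-switch "sw0"
        config port
            edit "internal1"
            next
            edit "internal2"
            next
            edit "internal3"
            next
            edit "internal4"
            next
            edit "internal5"
            next
        end
    next
end

# 2) Untagged/parent interface = management. VLAN 1 is reserved on the FGT,
#    so the switches' native (untagged) VLAN lands on "internal" itself.
#    Keep admin access (https/ssh) limited to this management subnet.
config system interface
    edit "internal"
        set vdom "root"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh
    next
# 3) Tagged sub-interfaces. Each exists on every member port, so any of
#    LAN1-5 acts as a trunk toward the L2 switches. No traffic is forwarded
#    between VLANs until a firewall policy explicitly allows it.
    edit "vlan10"
        set vdom "root"
        set interface "internal"
        set vlanid 10
        set ip 10.0.10.1 255.255.255.0
        set allowaccess ping
    next
    edit "vlan20"
        set vdom "root"
        set interface "internal"
        set vlanid 20
        set ip 10.0.20.1 255.255.255.0
        set allowaccess ping
    next
end
```

On the switch side, each uplink to the FGT is a trunk that tags VLANs 10-60 and leaves the management VLAN untagged, matching the untagged "internal" interface above.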