Cybersecurity Forum


ChaiRaga
New Contributor

Fortigate switching

I hope this can help.

Sometimes a FortiGate is used as a branch's default gateway, and at that branch we are using multiple VLANs and multiple switches.

Please see attachment for topology

It is quite challenging since the FortiGate GUI is very limited. Not all features are shown in the GUI.

Below is an example of how to solve this.

FG080D3915001432 # config system switch-interface
! -- enter system switch-interface

FG080D3915001432 (switch-interface) # edit switch3
new entry 'switch3' added
! -- create new switch interface, named 'switch3'

FG080D3915001432 (switch3) # set vdom root
FG080D3915001432 (switch3) # set member port3 port4
! -- set switch interface members (both ports on one line; a repeated 'set member' replaces the earlier value)
FG080D3915001432 (switch3) # next
FG080D3915001432 (switch-interface) # end

FG080D3915001432 # config system interface
FG080D3915001432 (interface) # edit switch3
FG080D3915001432 (switch3) # set vlanforward enable
FG080D3915001432 (switch3) # set l2forward enable
FG080D3915001432 (switch3) # next
! -- make switch3 forward VLAN and L2 traffic

FG080D3915001432 (interface) # edit vlan4
new entry 'vlan4' added
! -- create VLAN 4 interface
FG080D3915001432 (vlan4) # set interface switch3
! -- map VLAN 4 to use switch3 interface (port3 and port4)
FG080D3915001432 (vlan4) # set vlanid 4
! -- assign VLAN tagging ID
FG080D3915001432 (vlan4) # set ip 192.168.30.1/24
! -- assign IP address
FG080D3915001432 (vlan4) # set allowaccess ping
! -- allow ping
FG080D3915001432 (vlan4) # set vdom root
FG080D3915001432 (vlan4) # next

FG080D3915001432 (interface) # edit vlan5
new entry 'vlan5' added
! -- create VLAN 5 interface
FG080D3915001432 (vlan5) # set interface switch3
! -- map VLAN 5 to use switch3 interface (port3 and port4)
FG080D3915001432 (vlan5) # set vlanid 5
! -- assign VLAN tagging ID
FG080D3915001432 (vlan5) # set ip 192.168.40.1/24
! -- assign IP address
FG080D3915001432 (vlan5) # set allowaccess ping
! -- allow ping
FG080D3915001432 (vlan5) # set vdom root
FG080D3915001432 (vlan5) # next
FG080D3915001432 (interface) # end

That's all. Good luck.

0 REPLIES 0
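A way to check the result of the steps in the post offline, added here as an example (it is not part of the original post and not Fortinet tooling): the Python below parses `show system interface`-style text and flags `vlanforward` left enabled, HTTP or Telnet in `allowaccess`, and overlapping VLAN subnets. The sample config is constructed (switch3 and vlan5 mirror the post, vlan6 is hypothetical), and the function names are this example's own.

```python
import ipaddress
import shlex

# Constructed sample in `show` style: switch3/vlan5 mirror the post; vlan6 is a
# hypothetical bad entry added to exercise the checks.
SAMPLE = '''
config system interface
    edit "switch3"
        set vlanforward enable
    next
    edit "vlan5"
        set ip 192.168.40.1 255.255.255.0
        set allowaccess ping
        set interface "switch3"
        set vlanid 5
    next
    edit "vlan6"
        set ip 192.168.40.129 255.255.255.128
        set allowaccess ping http telnet
        set interface "switch3"
        set vlanid 6
    next
end
'''

def parse_interfaces(text):
    """Return {name: {setting: [values]}}; nested config blocks not handled."""
    ifaces, cur = {}, None
    for tok in map(shlex.split, text.splitlines()):
        if tok[:1] == ["edit"]:
            cur = ifaces.setdefault(tok[1], {})
        elif tok[:1] == ["set"] and cur is not None:
            cur[tok[1]] = tok[2:]
    return ifaces

def audit(ifaces):
    """Flag settings to re-check on the switch interface and its VLANs."""
    findings, nets = [], []
    for name, cfg in ifaces.items():
        if cfg.get("vlanforward") == ["enable"]:
            findings.append(f"{name}: vlanforward enabled, confirm intended")
        bad = sorted({"http", "telnet"} & set(cfg.get("allowaccess", [])))
        if bad:
            findings.append(f"{name}: cleartext admin access {' '.join(bad)}")
        if "ip" in cfg:
            net = ipaddress.ip_interface("/".join(cfg["ip"])).network
            findings += [f"{name}: {net} overlaps {o}" for o, n in nets if net.overlaps(n)]
            nets.append((name, net))
    return findings
```

Calling `audit(parse_interfaces(SAMPLE))` returns one finding per issue; an empty list means none of the three checks fired.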