FortiGate
sahmed_FTNT
Staff & Editor
Article Id 419180
Description: This article describes how to troubleshoot traffic that does not pass from one VLAN to another through a FortiGate deployed in Azure, even though the FortiGate firewall policies between the two VLAN interfaces are correct.
Scope: FortiGate.
Solution

The user traffic is internal to the Azure virtual network: it originates in VlanA and is destined for VlanB, with the FortiGate VM forwarding between the two VLAN interfaces.

IPv4 policy allowing VlanA to VlanB:

config firewall policy
   edit <id>
        set name "VlanA-B"
        set uuid xxxxxxx-c238-51f0-4931-xxxxx
        set srcintf "VlanA"
        set dstintf "VlanB"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
   next
end


Reverse policy, required only if sessions are also initiated from VlanB towards VlanA (return traffic of VlanA-initiated sessions is already allowed by the first policy):

config firewall policy
   edit <id>
        set name "VlanB-A"
        set uuid xxxxxxx-c238-51f0-4931-xxxxx
        set srcintf "VlanB"
        set dstintf "VlanA"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
   next
end


If the policies are correct, a packet capture on the FortiGate (diagnose sniffer packet) shows the traffic leaving on the correct outgoing interface (VlanB). This confirms that the FortiGate itself is forwarding the packets: the problem is not the policy, the packets are being dropped inside Azure after they leave the FortiGate.

Make sure the setting below is enabled on the Azure side:

Enable IP forwarding on the Azure network interface(s) of the FortiGate VM that carry the VlanA and VlanB traffic. By default an Azure NIC only receives packets addressed to one of its own IP addresses and only sends packets sourced from them, so with IP forwarding disabled Azure silently drops the transit traffic that the FortiGate forwards between the VLANs. In the Azure portal the setting is found under the NIC's IP configurations (IP forwarding: Enabled). After enabling it, rerun the sniffer and retest the VlanA to VlanB connection.

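The Azure-side check above is easy to get wrong when the FortiGate VM has several NICs, because IP forwarding is a per-NIC setting. The following script is an added example and is not part of the Fortinet article or of any Fortinet or Microsoft tooling. It post-processes the JSON that `az network nic list --resource-group <rg> --output json` returns, lists the NICs attached to the FortiGate VM that still have `enableIpForwarding` set to false, and prints the `az network nic update ... --ip-forwarding true` command that fixes each one. The sample JSON embedded below is constructed for the example, and the resource group (`rg-fortigate`), VM (`fgt-azure-01`) and NIC names are hypothetical.

```python
"""Audit Azure NICs of a FortiGate VM for the IP forwarding setting.

Added example, not from the Fortinet article. Input is the JSON produced by
`az network nic list --resource-group <rg> --output json`; only the fields
used here (name, resourceGroup, enableIpForwarding, virtualMachine.id,
ipConfigurations[].privateIPAddress, ipConfigurations[].subnet.id) are shown.
"""
import json

# Constructed sample of `az network nic list` output with hypothetical names.
# port2 of the FortiGate VM is the misconfigured interface in this sample.
SAMPLE_NIC_LIST = json.dumps([
    {
        "name": "fgt-port1-nic",
        "resourceGroup": "rg-fortigate",
        "enableIpForwarding": True,
        "virtualMachine": {
            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
                  "rg-fortigate/providers/Microsoft.Compute/virtualMachines/fgt-azure-01"
        },
        "ipConfigurations": [{
            "privateIPAddress": "10.0.1.4",
            "subnet": {"id": "/subscriptions/00000000-0000-0000-0000-000000000000/"
                             "resourceGroups/rg-fortigate/providers/Microsoft.Network/"
                             "virtualNetworks/vnet-fgt/subnets/VlanA"},
        }],
    },
    {
        "name": "fgt-port2-nic",
        "resourceGroup": "rg-fortigate",
        "enableIpForwarding": False,
        "virtualMachine": {
            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
                  "rg-fortigate/providers/Microsoft.Compute/virtualMachines/fgt-azure-01"
        },
        "ipConfigurations": [{
            "privateIPAddress": "10.0.2.4",
            "subnet": {"id": "/subscriptions/00000000-0000-0000-0000-000000000000/"
                             "resourceGroups/rg-fortigate/providers/Microsoft.Network/"
                             "virtualNetworks/vnet-fgt/subnets/VlanB"},
        }],
    },
    {
        # A workload VM: IP forwarding is correctly off here and must stay off.
        "name": "web-vm-nic",
        "resourceGroup": "rg-fortigate",
        "enableIpForwarding": False,
        "virtualMachine": {
            "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
                  "rg-fortigate/providers/Microsoft.Compute/virtualMachines/web-vm"
        },
        "ipConfigurations": [{
            "privateIPAddress": "10.0.2.10",
            "subnet": {"id": "/subscriptions/00000000-0000-0000-0000-000000000000/"
                             "resourceGroups/rg-fortigate/providers/Microsoft.Network/"
                             "virtualNetworks/vnet-fgt/subnets/VlanB"},
        }],
    },
])


def nics_for_vm(nics, vm_name):
    """Return the NIC objects attached to the VM named vm_name.

    An unattached NIC has virtualMachine == null, so it is skipped. The VM name
    is the last path segment of virtualMachine.id; Azure names are case-insensitive.
    """
    selected = []
    for nic in nics:
        vm = nic.get("virtualMachine")
        if not vm:
            continue
        if vm["id"].rsplit("/", 1)[-1].lower() == vm_name.lower():
            selected.append(nic)
    return selected


def missing_ip_forwarding(nic_list_json, vm_name):
    """Names of the VM's NICs that still have IP forwarding disabled."""
    nics = json.loads(nic_list_json)
    return [n["name"] for n in nics_for_vm(nics, vm_name)
            if not n.get("enableIpForwarding", False)]


def remediation_commands(nic_list_json, vm_name):
    """One `az network nic update` command per NIC that needs IP forwarding."""
    nics = json.loads(nic_list_json)
    return [
        f"az network nic update --resource-group {n['resourceGroup']} "
        f"--name {n['name']} --ip-forwarding true"
        for n in nics_for_vm(nics, vm_name)
        if not n.get("enableIpForwarding", False)
    ]


def report(nic_list_json, vm_name):
    """Human-readable summary: NIC, private IP, subnet and IP forwarding state."""
    nics = json.loads(nic_list_json)
    lines = []
    for n in nics_for_vm(nics, vm_name):
        for cfg in n.get("ipConfigurations", []):
            subnet = cfg["subnet"]["id"].rsplit("/", 1)[-1]
            state = "enabled" if n.get("enableIpForwarding") else "DISABLED"
            lines.append(f"{n['name']}: {cfg['privateIPAddress']} in {subnet}, IP forwarding {state}")
    return lines


if __name__ == "__main__":
    # In practice: az network nic list -g rg-fortigate -o json > nics.json
    print("\n".join(report(SAMPLE_NIC_LIST, "fgt-azure-01")))
    for cmd in remediation_commands(SAMPLE_NIC_LIST, "fgt-azure-01"):
        print(cmd)
```

Only the FortiGate's NICs are selected on purpose: the workload VMs on VlanA and VlanB do not forward traffic and should keep IP forwarding disabled, so the audit never suggests enabling it on them. Run the printed `az network nic update` command for each flagged NIC, then verify with `az network nic show --resource-group <rg> --name <nic> --query enableIpForwarding` before retesting the VlanA to VlanB traffic.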