Description |
This article provides an example configuration in which a downstream Layer-3 switch is configured with VLANs and performs inter-VLAN routing. When inter-VLAN routing is done by a downstream Layer-3 switch, FortiGate has no knowledge of the VLANs created on that switch. |
Scope | FortiOS, FortiGate, Routing, Inter-VLAN. |
Solution |
Topology:
Configuration: The following steps focus on the FortiGate configuration only.
Port2 on FortiGate:
Static Route for each VLAN on FortiGate:
Firewall Policy:
Verification: Once the above configuration is complete, downstream devices should have internet access. A packet capture on FortiGate should show the downstream VLAN traffic reaching FortiGate without VLAN tagging, destined for the internet. The absence of an 802.1Q VLAN tag header in the capture verifies that traffic is reaching FortiGate untagged. |
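The untagged-frame check from the verification step, as an added example (not Fortinet's code): it parses raw Ethernet frames taken from a capture and reports any that carry an 802.1Q or 802.1ad tag. The sample frames, MAC addresses and VLAN IDs 20 and 100 are constructed for illustration.

```python
import struct

# TPIDs that introduce a VLAN tag: 802.1Q customer tag and 802.1ad service tag.
VLAN_TPIDS = {0x8100, 0x88A8}

def parse_vlan_tags(frame: bytes):
    """Return (tags, ethertype) for one raw Ethernet frame.

    tags lists every VLAN tag, outermost first; an empty list means untagged.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    tags = []
    while ethertype in VLAN_TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, inner_type = struct.unpack_from("!HH", frame, offset + 2)
        tags.append({"tpid": ethertype, "pcp": tci >> 13, "vid": tci & 0x0FFF})
        offset += 4
        ethertype = inner_type
    return tags, ethertype

def tagged_frames(frames):
    """Return (index, [vlan ids]) for each frame that carries a VLAN tag."""
    hits = []
    for i, frame in enumerate(frames):
        tags, _ = parse_vlan_tags(frame)
        if tags:
            hits.append((i, [t["vid"] for t in tags]))
    return hits

# Constructed sample frames (not from a real capture).
MACS = bytes.fromhex("020000000001" "020000000002")
PAYLOAD = b"\x45" + b"\x00" * 45
UNTAGGED = MACS + b"\x08\x00" + PAYLOAD
TAGGED = MACS + struct.pack("!HH", 0x8100, 20) + b"\x08\x00" + PAYLOAD
QINQ = MACS + struct.pack("!HHHH", 0x88A8, 100, 0x8100, 20) + b"\x08\x00" + PAYLOAD

if __name__ == "__main__":
    for idx, vids in tagged_frames([UNTAGGED, TAGGED, QINQ]):
        print(f"frame {idx}: VLAN tag(s) present, VID(s) {vids}")
```

An empty result from `tagged_frames` over the frames captured on the FortiGate interface corresponds to the expected outcome in this topology; any hit means the switch-facing link is passing tagged traffic.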
Copyright 2024 Fortinet, Inc. All Rights Reserved.