rtanagras
Staff
Article Id 351794
Description

This article explains how to manage untagged traffic on a FortiGate interface.

By default, untagged traffic arriving on a FortiGate interface is processed directly by the physical interface itself.

Scope

FortiGate.
Solution

To manage untagged traffic, configure the physical interface where the untagged traffic is expected. No additional VLAN configuration is required.

If the native VLAN uses the 192.168.x.x/24 network, the interface can be configured as follows:

Command line:

config system interface
     edit "port1"
          set vdom "root"
          set ip 192.168.1.1 255.255.255.0
          set allowaccess ping https ssh
     next
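end

In this example, the physical interface 'port1' handles untagged traffic with the IP address 192.168.1.1. The 'set allowaccess ping https ssh' line also makes the FortiGate answer ping, HTTPS and SSH on this interface, so list only the services that hosts on the untagged network need to reach.

If the native VLAN does not have an IP address, configure the interface with 0.0.0.0/0 to allow all traffic.

Command line:

config system interface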
     edit "port1"
          set vdom "root"
          set ip 0.0.0.0 0.0.0.0
          set allowaccess ping https ssh
     next
end

Untagged traffic on 'port1' is treated as part of the regular interface network.
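
An added example, not from the original article or from Fortinet: a Python audit of a configuration backup that lists the interfaces without a VLAN ID, which per the article handle untagged traffic, together with the administrative protocols their 'allowaccess' setting offers. The sample configuration is constructed, and the "vlan10" subinterface and the function names are assumptions for illustration.

```python
import re

# Constructed sample: "port1" is the article's example, "vlan10" is hypothetical.
SAMPLE_CONFIG = '''
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.168.1.1 255.255.255.0
        set allowaccess ping https ssh
    next
    edit "vlan10"
        set interface "port1"
        set vlanid 10
        set ip 10.10.10.1 255.255.255.0
        set allowaccess ping
    next
end
'''
MGMT = {"https", "http", "ssh", "telnet"}  # allowaccess values that offer an admin login

def parse_interfaces(config_text):
    """Return {interface: {setting: value}} from 'config system interface'."""
    interfaces, current, depth = {}, None, 0
    for line in map(str.strip, config_text.splitlines()):
        if depth == 0:
            depth = int(line == "config system interface")
        elif line.startswith("config "):
            depth += 1  # nested block such as "config ipv6"
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.match(r'edit "?([^"]+)"?$', line)):
            current = interfaces.setdefault(m.group(1), {})
        elif depth == 1 and current is not None and (m := re.match(r"set (\S+) (.+)$", line)):
            current[m.group(1)] = m.group(2).replace('"', "")
    return interfaces

def untagged_mgmt_exposure(config_text):
    """List (interface, static IP, admin protocols) for entries without a
    'vlanid', i.e. the interfaces that process untagged frames themselves."""
    findings = []
    for name, cfg in parse_interfaces(config_text).items():
        ip = cfg.get("ip", "0.0.0.0 0.0.0.0").split()[0]
        exposed = sorted(MGMT & set(cfg.get("allowaccess", "").split()))
        if "vlanid" not in cfg and exposed:
            findings.append((name, ip, exposed))
    return findings

if __name__ == "__main__":
    for name, ip, protos in untagged_mgmt_exposure(SAMPLE_CONFIG):
        print(f"{name} ({ip}): allowaccess offers {', '.join(protos)} to untagged traffic")
```

An interface reported with the address 0.0.0.0 has no static IP yet, but its 'allowaccess' list is already in place for whenever one is assigned.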
