FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article describes how to manage the traffic with packets that are not tagged between a Transparent FortiGate and a FortiSwitch. When receiving traffic to and from a FortiSwitch from a Transparent FortiGate unit, it is important to be aware of how to properly manage packets that are not tagged, otherwise traffic might be dropped.
Solution Physical interfaces are the only ones that can send/accept non-tagged packets.
So on a Transparent FortiGate "un-tagged packets (VTP, CDP)" must be received only on the physical interfaces (never on a LOGICAL interface like a VLAN sub-interface).