Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
skobayashi_FTNT
Staff
Staff

Created on ‎02-27-2013 08:58 PM Edited on ‎03-27-2025 10:29 PM By Community Manager

Article Id 197175

Technical Tip: Precaution for configuring transparent mode on Fortinet-VM appliances

Description This article explains a precaution when configuring Fortinet -VM appliances with a transparent mode (L2-bridge mode) on VMware ESXi.
Scope
  • Fortinet VM Appliances
    • FortiGate-VM.
    • FortiMail-VM.
    • FortiWeb-VM.
  • Transparent-mode enabled.
  • VMware ESXi.
Solution
  1. When deploying an OVF template of Fortinet VM appliance, all source networks of each interfaces(vNICs) will be mapped to one destination network/PortGroup by default, unless the destination network is manually mapped for each:

 

Gab_FTNT_0-1743102522012.png

 
  1. If at least two vNICs are mapped to one network/PortGroup, and the operation mode of the VM guest OS is switched to transparent mode, an L2 loop will occur between the VM and vSwitch.

Gab_FTNT_1-1743102522009.png


Definitely, this loop can cause traffic storms, CPU spikes and network problems on ESXi/guest VM and other devices.

 

Before switching the guest OS to transparent mode, one or both of these steps must be taken.

 
 
Make all vNIC interfaces belong to different network (PortGroup and/or VLAN):
 
Gab_FTNT_2-1743102522013.png
 
Make all unused vNIC interfaces disconnected from vSwitch:
 
Gab_FTNT_3-1743102522014.png


If multiple VMs are running in transparent mode and they have the same mapping to PortGroup, it can cause an L2 loop.

Example:
 

          [VM-1]
  (vNIC-1a)    (vNIC-1b)
     |            |
<PortGroupA>  <PortGroupB>
     |            |
  (vNIC-2a)    (vNIC-2b)
          [VM-2]
 
5701
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.