Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
naveenk
Staff
Staff

Created on ‎10-19-2020 12:41 AM Edited on ‎03-31-2025 10:04 AM By Moderator

Article Id 196626

Technical Tip: Transparent mode best practices

Description


This article applies to the FortiGate deployed in the transparent operating mode.

 

Scope

 

FortiGate.

Solution


Here are some points to consider for transparent mode FortiGate deployment to prevent layer 2 mess-ups.

  • Do not connect two ports to the same VLAN on a switch or to the same hub. Some Layer 2 switches become unstable when they detect the same MAC address originating on more than one switch interface or from more than one VLAN.
  • If multiple VLANs are operated on the FortiGate, assign each VLAN ID to its own forwarding domain to ensure that the scope of the broadcast does not extend beyond the VLAN it originated in.

To protect against Layer 2 loops.

  • Enable STP (set stpforward enable) forward on all interfaces.
  • Use separate VDOMs for production traffic (TP mode VDOM) and management traffic (NAT mode VDOM).
  • Only place those interfaces used for production in the TP mode VDOM. Place all other interfaces in the NAT mode VDOM. This protects against potential Layer 2 loops.
6821
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.