FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 196626
This article applies for the FortiGate deployed in the transparent operating mode.

Here are some points to consider for transparent mode FortiGate deployment to prevent layer2 mess-ups.
- Do not connect two ports to the same VLAN on a switch or to the same hub. Some Layer 2 switches become unstable when they detect the same MAC address originating on more than one switch interface or from more than one VLAN.
- If multiple VLANs are operated on the FortiGate , assign each VLAN ID to its own forwarding domain to ensure that the scope of the broadcast does not extend beyond the VLAN it originated in.

To protect against Layer 2 loops.
- Enable stpforward on all interfaces.
- Use separate VDOMs for production traffic (TP mode VDOM) and management traffic (NAT mode VDOM).
- Only place those interfaces used for production in the TP mode VDOM. Place all other interfaces in the NAT mode VDOM. This protects against potential Layer 2 loops.