pmeet
Staff
Article Id 425557
Description This article describes why the Wildcard VLAN option is greyed out, or why the CLI setting wildcard-vlan returns an error when an attempt is made to modify it.
Scope FortiOS.
Solution

In some cases, when tagged VLAN traffic has to flow through a virtual wire pair, the Wildcard VLAN option must be enabled to allow that traffic.

When the Wildcard VLAN setting has to be modified, the option may be greyed out, and an error is also returned when the change is attempted through the CLI, which prevents the setting from being changed, as shown below:

wirepair 1.png

wildcard vlan 4.png

The error in the CLI indicates that a Firewall Virtual Wire Pair Policy is configured using this interface, which restricts this feature from being enabled.

wire pair policy.png

Once the virtual wire pair policy is deleted, the setting can be changed.

wire pair vlan enable.png

After enabling the Wildcard VLAN feature, a new virtual wire pair policy can then be created to allow traffic.
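
The same sequence from the CLI, as an added example that is not part of the original article. The pair name "vwp1", the member ports "port3" and "port4", policy ID 7 and the policy values shown are assumptions; substitute the values from the affected unit.

```fortios
# 1. Record the existing virtual wire pair policy so it can be recreated.
#    (Policy ID 7 is a placeholder.)
show firewall policy 7

# 2. Delete the policy that references the virtual wire pair members.
config firewall policy
    delete 7
end

# 3. With no policy referencing the pair, the setting can be changed.
#    ("vwp1" is a placeholder pair name.)
config system virtual-wire-pair
    edit "vwp1"
        set wildcard-vlan enable
    next
end

# 4. Recreate the policy using the values recorded in step 1.
#    (Interfaces, addresses and services below are placeholders.)
config firewall policy
    edit 0
        set name "vwp1-policy"
        set srcintf "port3"
        set dstintf "port4"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Between steps 2 and 4 no policy matches traffic on the pair, so the change is best made in a maintenance window.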