| Description | This article explains the differences in forward traffic for SSID configured in bridge mode and tunnel mode on FortiGate devices. |
| Scope | FortiGate, FortiAP. |
| Solution |
Basic difference between the Bridge Mode and the Tunnel Mode.
In bridge mode, the wireless interface is bridged with a wired interface, effectively making them part of the same Layer 2 broadcast domain. This allows devices connected via wireless to communicate directly with devices on the wired network as if they were on the same physical LAN.
Tunnel Mode: In tunnel mode, traffic from wireless clients is encapsulated and sent to the FortiGate through a virtual interface, separating it from the wired network. This mode routes wireless traffic to a different subnet or through specific policies.
To understand the distinction between bridge mode and tunnel mode in depth explanation please read: Technical Tip: SSID Local bridge vs Tunnel mode.
Forward Traffic in Bridge Mode:
When an SSID is configured in bridge mode, the FortiGate treats the AP as a physical interface causing the following behaviors.
In Forward Traffic, neither AP Serial or Physical AP will be visible:
Forward Traffic in Tunnel Mode: When SSID is configured in tunnel mode, the traffic from workstations is encapsulated and sent to FortiGate for processing. In Forward Traffic --> AP Serial and Physical AP will be visible:
|
Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Spring Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiGuest
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiSRA
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiScan
- FortiSandbox
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiWAN
- FortiToken
- FortiVoice
- FortiWeb
- FortiAppSec Cloud
- RMA Information and Announcements
- Lacework
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Technical Tip: Understanding Forward Traffic Behav...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.