Created on 12-16-2024 11:03 AM Edited on 12-17-2024 04:25 AM By Stephen_G
Description | This article explains the differences in forward traffic for SSIDs configured in bridge mode and in tunnel mode on FortiGate devices. |
Scope | FortiGate, FortiAP. |
Solution |
Basic difference between Bridge Mode and Tunnel Mode:
Bridge Mode: In bridge mode, the wireless interface is bridged with a wired interface, effectively making them part of the same Layer 2 broadcast domain. This allows devices connected via wireless to communicate directly with devices on the wired network as if they were on the same physical LAN.
Tunnel Mode: In tunnel mode, traffic from wireless clients is encapsulated and sent to the FortiGate through a virtual interface, separating it from the wired network. This mode routes wireless traffic to a different subnet or through specific policies.
For an in-depth explanation of the distinction between bridge mode and tunnel mode, see: Technical Tip: SSID Local bridge vs Tunnel mode.
Forward Traffic in Bridge Mode:
When an SSID is configured in bridge mode, the FortiGate treats the AP as a physical interface, causing the following behavior.
In Forward Traffic, neither AP Serial nor Physical AP will be visible.
Forward Traffic in Tunnel Mode:
When an SSID is configured in tunnel mode, the traffic from workstations is encapsulated and sent to the FortiGate for processing.
In Forward Traffic, both AP Serial and Physical AP will be visible.
|
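An added example (not from the original article or from Fortinet): a Python script that applies the behavior described above to exported forward traffic logs, grouping source IPs by AP where AP attribution is present and listing those without it. It assumes the AP Serial and Physical AP columns correspond to the `apsn` and `ap` log fields; the log lines and serial numbers are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiGate key=value log style (not real logs).
# Assumption: "apsn" = AP Serial, "ap" = Physical AP, "srcssid" = SSID.
SAMPLE_LOGS = '''\
date=2024-12-16 time=11:03:10 type="traffic" subtype="forward" srcip=10.10.20.15 srcintf="corp-tunnel" dstip=198.51.100.7 action="accept" srcssid="Corp-Tunnel" apsn="FP-EXAMPLE-0001" ap="Lobby AP"
date=2024-12-16 time=11:03:12 type="traffic" subtype="forward" srcip=192.168.1.44 srcintf="internal" dstip=198.51.100.9 action="accept"
date=2024-12-16 time=11:03:15 type="traffic" subtype="local" srcip=192.168.1.1 srcintf="internal" dstip=192.168.1.99 action="accept"
date=2024-12-16 time=11:03:20 type="traffic" subtype="forward" srcip=10.10.20.22 srcintf="corp-tunnel" dstip=203.0.113.5 action="deny" srcssid="Corp-Tunnel" apsn="FP-EXAMPLE-0002" ap="Floor 2 AP"
'''

# A value is either a double-quoted string (may contain spaces) or a bare token.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def summarize(log_text):
    """Group forward-traffic source IPs by (AP serial, AP name).

    Records without AP fields are returned separately: they are wired or
    bridge-mode wireless clients, and the log alone cannot tell which.
    """
    by_ap, unattributed = defaultdict(set), set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("type") != "traffic" or rec.get("subtype") != "forward":
            continue  # only forward traffic is covered here
        src = rec.get("srcip", "unknown")
        if rec.get("apsn"):
            by_ap[(rec["apsn"], rec.get("ap", ""))].add(src)
        else:
            unattributed.add(src)
    return dict(by_ap), unattributed


if __name__ == "__main__":
    by_ap, unattributed = summarize(SAMPLE_LOGS)
    for (serial, name), clients in sorted(by_ap.items()):
        print(f"{serial} ({name}): {sorted(clients)}")
    print("No AP attribution (wired or bridge-mode SSID):", sorted(unattributed))
```

For clients on a bridge-mode SSID, the forward traffic log cannot tie a session to a physical AP, so that attribution has to come from another data source during an investigation.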
Thanks for sharing your knowledge. Keep doing a great job!