Serxhio
Staff
Article Id 407932
Description Trunk VLAN forwarding logic handling unknown VLANs in transparent mode.
Scope FortiGate 6.0+.
Solution

VLAN forwarding:
VLAN forwarding allows the FortiGate to forward all VLAN traffic on a trunk that previously connected two network devices directly and into which the FortiGate has been introduced, without any further configuration.
It is recommended to configure a forwarding domain for each VLAN and to disable this parameter, so that packets do not loop into the trunk from one VLAN to another. By default, the 'vlanforward' parameter is disabled on each physical interface of a FortiGate or VDOM in transparent mode.

 

When a FortiGate receives a tagged frame with an unknown VLAN ID, the traffic is handled in one of two ways, depending on whether VLAN forwarding is enabled or disabled.
By default, VLAN forwarding is disabled and any frames that are tagged with an unknown VLAN ID are dropped by the FortiGate.


If VLAN forwarding is enabled, frames tagged with an unknown VLAN ID are forwarded from the port that received the frames to all other ports in the same forwarding domain(s). This makes it possible to insert the FortiGate between two devices using trunk ports without any further configuration.
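
To check a configuration backup against the recommendation above, the following added example (not Fortinet code) flags interfaces with 'vlanforward' enabled and VLAN interfaces without their own forwarding domain. It assumes the usual `config system interface` backup syntax with `set vlanforward`, `set forward-domain` and `set vlanid` lines, and that a missing `forward-domain` line means the default domain 0; the sample config is constructed.

```python
import re
# Constructed config excerpt for illustration (not taken from a real device).
SAMPLE_CONFIG = '''
config system interface
    edit "port1"
        set vlanforward enable
    next
    edit "vlan100_p1"
        set forward-domain 100
        set interface "port1"
        set vlanid 100
    next
    edit "vlan200_p1"
        set interface "port1"
        set vlanid 200
    next
end
'''

def parse_interfaces(text):
    """Return {name: {setting: value}}; nested sub-tables inside an entry are skipped."""
    interfaces, current, depth = {}, None, 0
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            if depth > 0 or line == "config system interface":
                depth += 1
        elif line == "end" and depth > 0:
            depth -= 1
        elif depth == 1:
            if m := re.match(r'edit "?([^"]+)"?$', line):
                current = interfaces.setdefault(m.group(1), {})
            elif line == "next":
                current = None
            elif current is not None and (m := re.match(r"set (\S+) (.+)$", line)):
                current[m.group(1)] = m.group(2).strip('"')
    return interfaces

def audit(interfaces):
    findings = []
    for name, cfg in interfaces.items():
        if cfg.get("vlanforward") == "enable":
            findings.append((name, "vlanforward enabled: unknown VLAN IDs are forwarded"))
        # Assumption: no 'set forward-domain' line means the default domain 0.
        if "vlanid" in cfg and cfg.get("forward-domain", "0") == "0":
            findings.append((name, f"VLAN {cfg['vlanid']} has no dedicated forwarding domain"))
    return findings

if __name__ == "__main__":
    print(*audit(parse_interfaces(SAMPLE_CONFIG)), sep="\n")
```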
