FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
achowdhury
Staff
Article Id 196010

Description
Virtual Extensible LAN (VXLAN) is a network virtualization technology used in large cloud computing deployments. It encapsulates OSI layer 2 Ethernet frames within layer 3 IP packets using standard destination port 4789.
The endpoints that terminate VXLAN tunnels, which can be virtual or physical switch ports, are known as VXLAN tunnel endpoints (VTEPs). For more information about VXLAN, see RFC 7348.

This article describes how to configure this feature.

# config system vxlan
    edit {name}
        set interface {string}      <----- Outgoing interface for VXLAN encapsulated traffic. size[15] - datasource(s): system.interface.name
        set vni {integer}           <----- VXLAN network ID. range[1-16777215]
        set ip-version {ipv4-unicast | ipv6-unicast | ipv4-multicast | ipv6-multicast}      <----- IP version to use for the VXLAN interface and so for communication over the VXLAN. IPv4 or IPv6 unicast or multicast.
                ipv4-unicast    Use IPv4 unicast addressing over the VXLAN.
                ipv6-unicast    Use IPv6 unicast addressing over the VXLAN.
                ipv4-multicast  Use IPv4 multicast addressing over the VXLAN.
                ipv6-multicast  Use IPv6 multicast addressing over the VXLAN.
        set remote-ip
        set ip {string}             <----- IPv4 address. size[15]
        set remote-ip6
        set ip6 {string}            <----- IPv6 address. size[45]
        set dstport {integer}       <----- VXLAN destination port (1 - 65535, default = 4789). range[1-65535]
        set multicast-ttl {integer} <----- VXLAN multicast TTL (1-255, default = 0). range[1-255]
end
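
The vni range (1-16777215) and the default dstport (4789) in the syntax above correspond to the 8-byte VXLAN header defined in RFC 7348, where the VNI is a 24-bit field. The following Python is an added example, not part of the original article or of FortiOS: it builds and validates that header. The function names, the sample frame and the accept() check (deliver only when port and VNI match the local configuration) are assumptions made for illustration.

```python
import struct
from typing import Optional, Tuple

VXLAN_PORT = 4789       # default dstport from the syntax above
VXLAN_FLAG_I = 0x08     # RFC 7348 "VNI present" flag
VNI_MAX = 0xFFFFFF      # 24-bit VNI field, i.e. 16777215

# Constructed sample inner frame: broadcast dst MAC, locally administered
# src MAC, EtherType 0x0806, zero padding. Not captured traffic.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28)


def build_vxlan(vni: int, inner_frame: bytes) -> bytes:
    """Return the payload a VTEP sends: VXLAN header + inner Ethernet frame."""
    if not 1 <= vni <= VNI_MAX:
        raise ValueError(f"VNI {vni} outside 1-{VNI_MAX}")
    # Word 1: flags (8 bits) + reserved (24); word 2: VNI (24) + reserved (8)
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8) + inner_frame


def parse_vxlan(payload: bytes) -> Tuple[int, bytes]:
    """Validate the VXLAN header and return (vni, inner_frame)."""
    if len(payload) < 8 + 14:
        raise ValueError("too short for VXLAN header plus Ethernet header")
    word1, word2 = struct.unpack("!II", payload[:8])
    if not (word1 >> 24) & VXLAN_FLAG_I:
        raise ValueError("I flag clear, VNI field is not valid")
    return word2 >> 8, payload[8:]


def accept(dport: int, payload: bytes, local_vni: int) -> Optional[bytes]:
    """Hypothetical receive-side check: return the inner frame only when the
    destination port and VNI match the local settings, otherwise None."""
    if dport != VXLAN_PORT:
        return None
    try:
        vni, inner = parse_vxlan(payload)
    except ValueError:
        return None
    return inner if vni == local_vni else None


if __name__ == "__main__":
    pkt = build_vxlan(1000, SAMPLE_FRAME)
    print(pkt[:8].hex(), parse_vxlan(pkt)[0], accept(VXLAN_PORT, pkt, 1000) is not None)
```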

Solution
Note that VXLAN features are supported only on platforms running Linux kernel version 3.2.
Verify the kernel version:
fnsysctl cat /proc/version
The VXLAN feature is not supported on the models listed below.

Note: FGR-90D running FortiOS v6.2.x and above is able to operate VXLAN.

FGR-60D
FGR-90D
FGT-30D
FGT-30D-POE
FGT-60D
FGT-60D-POE
FGT-70D
FGT-70D-POE
FGT-80C
FGT-80CM
FGT-90D
FGT-90D-POE
FGT-94D-POE
FGT-98D-POE
FGT-200D
FGT-200D-POE
FGT-240D
FGT-240D-POE
FGT-280D-POE
FGT-600C
FGT-800C
FGT-1000C
FGT-3240C
FGT-3600C
FGT-5001C
FWF-30D
FWF-30D-POE
FWF-60D
FWF-60D-POE
FWF-80CM
FWF-81CM
FWF-90D
FWF-90D-POE
FWF-92D