Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Adrian_Lewis
Contributor

Fastpath L3 to FortiSwitch?

Does anyone know if it is possible to forward packets between VLANs locally on a FortiSwitch when in FortiLink mode or does traffic passing between subnets always have to be punted up to the FortiGate and back again? Seems like it would be a pretty major win if Fortinet could implement local L3 forwarding on a FortiSwitch where the FortiGate policy does not require any deep inspection for UTM/NGFW features. Would fit somewhere between a regular L3 switch and an ISFW. Alternatively, punt the first few packets of a session to the FortiGate and then 'fastpath' to the switch silicon once all checks have been made.

4 REPLIES 4
Ron_Uss
New Contributor III

Hello Adrian,

did you get answer for this question from someone out of this forum? Thanks

NSE8 #3111

Adrian_Lewis

I think the answer is no unfortunately
Alby23

I think the same.

L3 functionality is provided by the FortiGate so apparently no "direct" routing is possible.

Carl_Wallmark

Hopefully they have this on their roadmap.

 

This is the same as with FortiAP when it was released.

When they introduced the FortiAP, you could only tunnel all traffic to the Fortigate, then I talked to them about bridging the traffic on the FortiAP interface, half a year later it was released.

 

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C