Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Omoyeleola
New Contributor

Created on ‎03-13-2025 05:09 AM

Access To Out of Bound Vlans

I have a Fortigate that has two vdoms (root vdom and OOB vdom). The OOB vdom is connected to the Forti-switch and the Forti-switch is being managed by the OOB vdom Fortigate. The Forti-switch has 3 Vlans and all the ports on the Forti-switch have been used. How can I configure a physical port of the Fortigate so that I can access the three Vlans on the Forti-switch Please help with configuration. 

Labels:
191
0 Kudos
1 Solution
ebrlima
Staff
Staff
In response to Omoyeleola

Created on ‎03-14-2025 12:54 PM

So first, you need to either move port15 to vdom OOB or configure inter vdom links between vdom root and vdom OOB

 

About inter-dom link, refer to this: https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/317358/inter-vdom-routing-co...

 

So your flow would be:

 

Port15 >>>> Vdom-link(root side) >>>>>Vdom-link (OOB side)>>>>Vlan20

Port15 >>>> Vdom-link(root side) >>>>>Vdom-link (OOB side)>>>>Vlan30

 

At root vfom you have to have bidirectional rules from port15 to vdom link and from vdom link to port15, and routing so traffic from port15 to vlans 20, 30 is forwarded to the gateway, which will be the ip address of inter-vdom link on OOB side.

 

At OOB vdom, you configure rules from inter-vdom link to VLAN20 and VLAN30, which are interface vlans on your firewall at OOB side.

Screenshot 2025-03-14 165248.png

 

Let me know if I can help with something else.

Eudes Lima

View solution in original post

67
0 Kudos
4 REPLIES 4
ebrlima
Staff
Staff

Created on ‎03-13-2025 02:17 PM

Hello @Omoyeleola 

 

Based on the information you provided, you might be able to turn one of the physical ports on the Fortigate unit that are connected to the FortiSwitch into a trunk and create the necessary tagged vlan interfaces under it.

 

This KB shows you how:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-VLAN-tagged-interface-802-...

 

If this is not quite what you need, post more details here and we can try and help you!

Eudes Lima
113
0 Kudos
Omoyeleola
New Contributor
In response to ebrlima

Created on ‎03-14-2025 12:14 PM

Dear Lima,

Thank you for your response. I am still seeking a solution to my inquiry. I have attached a file that illustrates the configuration. The Fortigate firewall is a multi-VDOM, consisting of VDOM root and VDOM oob. VDOM oob is connected to a Fortiswitch through Fortilink. The Fortiswitch is configured with two VLANs, and all ports are set as access ports for either VLAN 20 or VLAN 30, with the exception of port 24, which functions as a trunk port. There are no available ports on the Fortiswitch. My question is how to configure port 15 on the Fortigate firewall to enable access to both VLAN 20 and VLAN 30 on the Fortiswitch. Thank you in advance as I await your swift assistance. 

 
 
 

Setup DiagramSetup Diagram

 

 

88
0 Kudos
ebrlima
Staff
Staff
In response to Omoyeleola

Created on ‎03-14-2025 12:54 PM

So first, you need to either move port15 to vdom OOB or configure inter vdom links between vdom root and vdom OOB

 

About inter-dom link, refer to this: https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/317358/inter-vdom-routing-co...

 

So your flow would be:

 

Port15 >>>> Vdom-link(root side) >>>>>Vdom-link (OOB side)>>>>Vlan20

Port15 >>>> Vdom-link(root side) >>>>>Vdom-link (OOB side)>>>>Vlan30

 

At root vfom you have to have bidirectional rules from port15 to vdom link and from vdom link to port15, and routing so traffic from port15 to vlans 20, 30 is forwarded to the gateway, which will be the ip address of inter-vdom link on OOB side.

 

At OOB vdom, you configure rules from inter-vdom link to VLAN20 and VLAN30, which are interface vlans on your firewall at OOB side.

Screenshot 2025-03-14 165248.png

 

Let me know if I can help with something else.

Eudes Lima
68
0 Kudos
Omoyeleola
New Contributor
In response to ebrlima

Created on ‎03-14-2025 02:37 PM

Dear Lima, 

I have executed the solution you suggested, and it was successful. I greatly appreciate your assistance.

55
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.