I have a FortiGate 200D appliance.
When I put many interfaces in a bridge, does it act like a normal L2 switch? How does the access policy among bridge interfaces work? Is there unrestricted access among bridge members like an L2 switch?
Hi,
1- yes,
2- you cannot control traffic between switch ports
3- yes
In short, it's just an L2 switch. In some (higher) models a hardware switch chip is used; the smallest models use a software switch. In this case, the data handling is different but policing is not affected.
Good question - as far as I know there is no direct mention of this in the Handbook.
Maybe you can deduce this from this reasoning:
Policies control traffic between logical ports. A physical port is at the same time a logical port, a VLAN is a logical port, an IPsec VPN phase1 is a logical port, but a switch is only one logical port consisting of one or several physical ports. Members of port aggregations (like LACP trunks, switches, zones) cannot be addressed individually. Thus a policy between member ports of an aggregation is not possible.
Copyright 2024 Fortinet, Inc. All Rights Reserved.