Hello Folks,
For everybody trying to achieve a VX-LAN setup where multiple VLAN are grouped under a trunk, and each of these VLAN needs to be a member interface of a software switch.
First of all the missing information:
* you can add interfaces to a software switch ONLY if the interfaces haven't any existing configuration.
* when you create an interface via UI or CLI by default it is created with an object of type address.
So change the role from LAN to Undefined, remove the object address associated with the interface, and add it to your software switch.
I hope that this can be useful for the community.
Reference:
htps://community.fortinet.com/t5/FortiGate/Technical-Tip-Software-switch-policy/ta-p/198381
Note that to add an interface to a software switch, the interface cannot be referenced by the existing configuration.
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/772083/automatic-address-creation-fo...
For all interfaces set to a LAN or DMZ role, a new option is available to automatically create an address object for the connected network.
Thanks for your contribution, @mmfn42 ! I added this to the article you referenced!
User | Count |
---|---|
1866 | |
1138 | |
769 | |
447 | |
269 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.