hello @All
i have a problem with fg-1100E firmware v7.2.2.
when i want to create a hardware or vlan switch, i get sw0 & sw1 offered. so far so good, but why are the ports greater than 28 not included?
i need the QSFP+ port 34 as uplink and at the same time other ports for subordinated switches or special servers. some of them are access ports and others are trunks.
so at the moment i only have the possibility to create a software switch, but unfortunately it does not allow me to differentiate different ports with the same vlan as desired.
i can't even define ports 33 and 34 as dedicated ethernet trunks.
why is this?
thx
jmc
Solved! Go to Solution.
AFAIK the 1100E does not have a built-in HW Switch. I could be wrong though....
So let's go back to the drawing board and figure out what it is you are trying to accomplish.
Ideally you should leave switching and such to a dedicated switch on your network. Any traffic that needs to be inspected should be brought up to the FGT using an uplink. That uplink can be a LAG or dedicated port using any of the interfaces on your FGT. The uplink can have VLAN interfaces associated with it for tagging and subnet separation.
Creating a software switch is a bad idea as it will prevent you from offloading traffic to the dedicated NPU.
AFAIK the 1100E does not have a built-in HW Switch. I could be wrong though....
So let's go back to the drawing board and figure out what it is you are trying to accomplish.
Ideally you should leave switching and such to a dedicated switch on your network. Any traffic that needs to be inspected should be brought up to the FGT using an uplink. That uplink can be a LAG or dedicated port using any of the interfaces on your FGT. The uplink can have VLAN interfaces associated with it for tagging and subnet separation.
Creating a software switch is a bad idea as it will prevent you from offloading traffic to the dedicated NPU.
hello gfleming,
thank you and you are absolutely right. in general i have planned it exactly like that. just assign the 40g as up-&downlink to the fg and ip'd, routes and gw. the whole thing as a cluster and everything is great. works just as wonderful.
the whole reason why i ask this is because i got exactly 2 * 10 gb links to the interconnect modules of a hp c7000. unfortunately the dedicated hpe 5900 has only 4 * 10 gb ports. i just wanted to see if i can get the two links to the fg without having to use another switch.
but as you say this is not a good idea. so back to the beginning and connect another switch.
thank you
jeff
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.