I assume that the layer3 interface is tagged with vlan 1?
What happens if I put an access vlan on another switch port that is connected to this firewall port?
No. With all FGTs, all physical and parent interfaces are NOT tagged and have no association with any VLANs configured in the unit. And VLAN ID 1 is reserved. See the KB below:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Reserved-VLAN-ID-1/ta-p/270111
If you configured an "access port" on a switch, packets coming out/in are non-tagged. So only those non-VLAN/parent interfaces can communicate with it.
Toshi
So the FortiGate firewall has a layer 3 IP.
I can only use a dumb layer 2 switch to connect to it?
How about switchport mode access, switchport access vlan 1?
You can connect an L3 switch as well, of course. Just avoid an IP conflict. In that case, both are routers.
FGTs basically don't have the concept of an SVI except the virtual VLAN switch interface, which can have a native VLAN interface for most of the "F"-series FGTs. Also they don't have the concept of "switchport mode access" because it's not a switch or switch-router. It's similar to old Cisco routers like 26xx, 19xx, etc. You can stack VLANs on the physical port but no SVI.
The "software switch" interface is the same. You can configure a soft-switch including multiple physical interfaces as well as wifi (SSID) interfaces to have one IP/IP subnet. But it's not tagged. And again, you can stack up multiple VLANs on it.
Toshi
"stack up multiple vlan" meaning sub-interfaces with vlan?
Yes. That's what I meant.
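The tagged/untagged behaviour discussed in this thread, as an added example that is not part of the original posts and is not Fortinet code: a small Python model that reads the 802.1Q tag of a frame and decides whether the parent interface or a VLAN sub-interface would receive it. The interface names, the sample frames, and the rule that a tag with no matching sub-interface is not delivered are assumptions of this model.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(vlan_id=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame, optionally with an 802.1Q tag."""
    dst = bytes.fromhex("020000000001")  # locally administered sample MACs
    src = bytes.fromhex("020000000002")
    tag = b"" if vlan_id is None else struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def vlan_of(frame):
    """Return the 802.1Q VLAN ID, or None when the frame is untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None  # what a switch access port sends: no tag at all
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID

def receiving_interface(frame, parent, subinterfaces):
    """Model: untagged -> parent; tagged -> matching sub-interface, else None."""
    vid = vlan_of(frame)
    if vid is None:
        return parent
    return subinterfaces.get(vid)  # assumption: unmatched tags are not delivered

# Hypothetical layout: physical port "port1" with two VLAN sub-interfaces.
SUBIFS = {10: "port1.vlan10", 20: "port1.vlan20"}

if __name__ == "__main__":
    samples = [("access port (untagged)", build_frame()),
               ("trunk, VLAN 10", build_frame(10)),
               ("trunk, VLAN 30", build_frame(30))]
    for label, frame in samples:
        print(label, "->", receiving_interface(frame, "port1", SUBIFS))
```
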
Copyright 2024 Fortinet, Inc. All Rights Reserved.