Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Winner
New Contributor

Created on ‎02-22-2023 01:05 PM Edited on ‎02-22-2023 01:07 PM

FortiSwitch Intervlan Routing

Hi

 

I have pair of FGT connected to two core switches using fortilink with multiple access switches hanging out of the core switches. We have multiple VLANs configured on the fabric which work through FW. However there is a requirement to create 2 VLANs for which intervlan traffic should work through fortiswitces - basically want to bypass FGT for 2 specific VLANs.

 

 

Winner_0-1677100064639.png

 

We want to use FGT for intervlan routing between VLAN 10 and VLAN20.

However want to bypass FGT for VLAN 40 and VLAN50 and want to do intervlan routing using Core Switches.

Any idea how this can be achieved ?

 

 

Labels:
2586
0 Kudos
5 REPLIES 5
gfleming
Staff
Staff

Created on ‎02-22-2023 08:27 PM

This cannot be achieved if the Core Switches are managed using FortiLink. You will need a standalone L3 FortiSwitch.

Cheers,
Graham
2566
0 Kudos
Winner
New Contributor
In response to gfleming

Created on ‎02-22-2023 10:54 PM

Thanks Graham

Just checking this document, is it only for fortiswitches where switches are not managed by FGT ?

 

Configuring layer-3 routing on FortiSwitch units | FortiSwitch Manager 7.2.0 (fortinet.com)

2560
0 Kudos
gfleming
Staff
Staff
In response to Winner

Created on ‎02-23-2023 07:53 AM

That is documentation for the standalone FortiSwitch Manager software (it mimics a FortiGate in how it manages the FortiSwitches). Seems like as of 7.2 it can allow L3 routing on the FortiSwitch.


Perhaps that functionality is coming to FortiGate-managed FortiSwitches but AFAIK it is not possible today.

Cheers,
Graham
2544
0 Kudos
Muhammad_Haiqal
Staff
Staff

Created on ‎02-22-2023 11:49 PM

Hi there,


From my understand, you want to make VLAN40 <<>>> VLAN50 can reach each other within the switch without passing through gateway(fortigate).

Any layer3 communication require gateway.
I would suggest to create a support ticket so we can verify if this feature already introduced and ready to be implemented. 

 

 

haiqal
2556
0 Kudos
Winner
New Contributor
In response to Muhammad_Haiqal

Created on ‎02-23-2023 12:06 AM

Hi haiqal

Yes that's correct. 

VLAN40 <<>>> VLAN50 -- intervlan routing within switch - no FGT involvement.

Everything else via FGT.

2555
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.