Hello,
Fortigate 600 v7.2.9.
Ports 1 and 2 on the Fortigate are not yet in use. I activate both.
I plug PC1 into port 1 and PC2 into port 2.
Should the two PCs be able to talk to each other now (of course I gave them both an IP address from the same network)? So are they in the same Layer 2 network?
Or do you have to tell the Fortigate that ports 1 and 2 should be in the same VLAN, so to speak?
I'm not actually talking about ports, but rather aggregates, but the logic should be the same.
Thanks
AlbMin
You can define/create a hardware or software switch with those 2 ports and then achieve, well... a virtual switch, and then both PCs connected to them would be in the same LAN.
You also have the option to allow traffic between them by default or create specific rules if you create a software sw: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Software-switch-policy/ta-p/198381
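The software-switch option described in the reply above, as an added FortiOS CLI example that is not part of the original posts. The switch name `lan-sw`, the VDOM `root`, the policy name and the PING-only service are assumptions for illustration; `port1` and `port2` are the ports from the question.

```fortios
# Added example (constructed values): put port1 and port2 into one software
# switch so both PCs share a Layer 2 segment.
# Member ports must not be referenced elsewhere (policies, DHCP servers,
# addresses) before they can be added to the switch.
config system switch-interface
    edit "lan-sw"
        set vdom "root"
        set member "port1" "port2"
        # implicit (default): members can talk to each other with no policy.
        # explicit: traffic between members is dropped unless a firewall
        # policy allows it, so the FortiGate can filter and log it.
        set intra-switch-policy explicit
    next
end

# With "explicit", each direction that should work needs its own policy.
# This one only lets PC1 (port1) ping PC2 (port2) and logs the traffic.
config firewall policy
    edit 0
        set name "PC1-to-PC2-ping"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "PING"
        set logtraffic all
    next
end
```

Leaving `intra-switch-policy` at `implicit` gives plain switch behaviour between the two ports, with no firewall policy inspecting the traffic between them.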
Hi @AlbertMin ,
You confused me a lot.
1) Are port1 & port2 in the same aggregate interface (AKA LACP interface)?
2) If they are in the same aggregate interface, I haven't tried with 2 PCs connected to the aggregate interface members directly for accessing each other.
My guess is no. I don't think that the aggregate interface (LACP interface) will act as a switch for its members. It should treat the members as one logical link.
So it's better for you to create VLAN interfaces under the aggregate interface for those 2 PCs talking to each other. And of course, it's better to connect the aggregate interface to a switch first and it will act as a trunk.
Sorry for the confusion.
Forget I mentioned aggregates. I just want to bring 2 physical ports on the Fortigate into the same Layer 2 network. The two ports are not in an aggregate/LACP.
So again, what is the operation mode of your FGT or your VDOM if you have VDOM enabled? Router or TP?
It operates as a Router
Then you may follow @funkylicious 's suggestions to use one of them, Hardware switch, Software switch, or Virtual Switch, depending on which one is available on your FGT.
That works. Thank you