AlbertMin
New Contributor II

Fortigate. Connect 2 ports on layer2

Hello,

 

Fortigate 600 v7.2.9.

Ports 1 and 2 on the Fortigate are not yet in use. I activate both.
I plug PC1 into port 1 and PC2 into port 2.
Should the two PCs be able to talk to each other now (of course I gave them both an IP address from the same network)? So are they in the same Layer 2 network?
Or do you have to tell the Fortigate that ports 1 and 2 should be in the same VLAN, so to speak?

I'm not actually talking about ports, but rather aggregates, but the logic should be the same.

 

Thanks

AlbMin

1 Solution
funkylicious
SuperUser

You can define/create a hardware or software switch with those 2 ports and then achieve, well... a virtual switch, and then both PCs connected to them would be in the same LAN.

You also have the option to allow traffic between them by default or create specific rules if you create a software switch: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Software-switch-policy/ta-p/198381

"jack of all trades, master of none"
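
One way to express the suggestion above on the FortiOS CLI, as an added example that is not part of the original reply: a software switch over port1 and port2 with `intra-switch-policy explicit`, so traffic between the two PCs has to match a firewall policy instead of being allowed by default. The switch name `lan-sw`, the 192.0.2.0/24 address, the policy name and the chosen services are assumptions; the `#` lines are annotations to drop before pasting.

```fortios
# Added example; names, addresses and services below are assumptions.
# port1 and port2 must not be referenced elsewhere (policy, DHCP, route).
config system switch-interface
    edit "lan-sw"
        set vdom "root"
        set member "port1" "port2"
        # implicit (default): members talk freely, no policy is consulted.
        # explicit: member-to-member traffic is dropped unless a policy allows it.
        set intra-switch-policy explicit
    next
end

# Gateway address for the shared Layer 2 segment.
config system interface
    edit "lan-sw"
        set ip 192.0.2.1 255.255.255.0
        set allowaccess ping
    next
end

# Permit only what PC1 needs from PC2; replies are handled statefully.
# Add a mirrored policy (port2 -> port1) if PC2 must initiate sessions.
config firewall policy
    edit 0
        set name "pc1-to-pc2"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "PING" "HTTPS"
        set logtraffic all
    next
end
```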

dingjerry_FTNT

Hi @AlbertMin ,

 

You confused me a lot.

 

1) Are port1 & port2 in the same aggregate interface (AKA LACP interface)?

2) If they are in the same aggregate interface,  I haven't tried with 2 PCs connected to the aggregate interface members directly for accessing each other. 

 

My guess is no.  I don't think that the aggregate interface (LACP interface) will act as a switch for its members.  It should treat the members as one logical link.

 

So it's better for you to create VLAN interfaces under the aggregate interface for those 2 PCs talking to each other. And of course, it's better to connect the aggregate interface to a switch first and it will act as a trunk.

Regards,

Jerry
AlbertMin
New Contributor II

Sorry for the confusion.
Forget I mentioned aggregates. I just want to bring 2 physical ports on the Fortigate into the same Layer 2 network. The two ports are not in an aggregate/LACP.

dingjerry_FTNT

So again, what is the operation mode of your FGT or your VDOM if you have VDOM enabled? Router or TP?

Regards,

Jerry
AlbertMin

It operates as a Router

dingjerry_FTNT

Then you may follow @funkylicious 's suggestions to use one of them, Hardware switch, Software switch, or Virtual Switch, depending on which one is available on your FGT.

Regards,

Jerry
AlbertMin

That works. Thank you
