ErrantOsi
New Contributor III

Fortigate Firewall 802.3ad Aggregate with vlans - "Zone" compatible?

Hello everyone :)

We have a Forti 200F Firewall cluster (HA A/P). It has two uplink interfaces which are already combined in a zone. The downlink interface is an 802.3ad aggregate with two (X3&X4) members and several layer 3 VLAN subinterfaces configured.

I now wanted to create a new zone with some of the layer 3 subinterfaces in it so I can simplify our rule creation.

However, when creating a new zone I can see neither our aggregate interface nor the subinterfaces for selection. Is this maybe not supported for zones? I can't find any explanation online. Thanks!

hbac
Staff

Hi @ErrantOsi,

Those subinterfaces are under the 802.3ad aggregate. You can't add it to another physical interface or zone.

Regards,

Brunn3r
New Contributor III

If you have referenced an interface anywhere, you are not able to put it in a zone.
So you have to create a zone and leave it empty. Move the references (mostly Firewall-Rules) to this zone, then you should be able to add the interface into the zone.

Or at first, try it with a newly created test-VLAN.

Toshi_Esumi
SuperUser

I think those are just used by policies already. And that's why it wouldn't show up as member candidates. If you create a new VLAN on the LAG, it would show up to be added to the new zone.

Toshi
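
An added example, not part of the thread: a Python check over a configuration backup that maps each VLAN subinterface of an aggregate to the firewall policies referencing it through `srcintf`/`dstintf`, the condition the replies above give for an interface not being offered as a zone member. The sample excerpt, the interface, zone and policy names, and the helper names are constructed; only policy references are checked, not other kinds of reference.

```python
import re

# Constructed config-backup excerpt; interface, zone and policy names are made up.
SAMPLE = '''
config system interface
    edit "LAG1"
        set member "x3" "x4"
    next
    edit "vlan10"
        set interface "LAG1"
    next
    edit "vlan99"
        set interface "LAG1"
    next
end
config firewall policy
    edit 1
        set srcintf "vlan10"
        set dstintf "uplink-zone"
    next
end
'''

def parse(text):
    """Return ({subinterface: parent}, {interface: [policy ids]})."""
    section, entry, depth, parents, refs = None, None, 0, {}, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                section = line[7:]
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            entry = line[5:].strip('"')
        elif depth == 1 and line.startswith("set "):
            key, _, rest = line[4:].partition(" ")
            names = re.findall(r'"([^"]*)"', rest)
            if section == "system interface" and key == "interface" and names:
                parents[entry] = names[0]
            elif section == "firewall policy" and key in ("srcintf", "dstintf"):
                for name in names:
                    refs.setdefault(name, []).append(entry)
    return parents, refs

def policy_refs_for(text, parent):
    """Map each subinterface of `parent` to the policies that reference it."""
    parents, refs = parse(text)
    return {n: refs.get(n, []) for n, p in parents.items() if p == parent}
```

A subinterface with an empty list has no policy reference in the backup; one with policy ids listed needs those policies moved to the zone first, as described in the replies.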
