Hello everyone :)
We have a Forti 200F Firewall cluster (HA A/P). It has two uplink interfaces which are already combined in a zone. The downlink interface is an 802.3ad aggregate with two (X3 & X4) members and several layer 3 VLAN subinterfaces configured.
I now wanted to create a new zone with some of the layer 3 subinterfaces in it so I can simplify our rule creation.
However, when creating a new zone I can see neither our aggregate interface nor the subinterfaces for selection. Is this maybe not supported for zones? I can't find any explanation online. Thanks!
Hi @ErrantOsi,
Those subinterfaces are under the 802.3ad aggregate. You can't add them to another physical interface or zone.
Regards,
If you have referenced an interface anywhere, you are not able to put it in a zone.
So you have to create a zone and leave it empty. Move the references (mostly Firewall-Rules) to this zone, then you should be able to add the interface into the zone.
Or at first, try it with a newly created test-VLAN.
I think those are just used by policies already. And that's why it wouldn't show up as member candidates. If you create a new VLAN on the LAG, it would show up to be added to the new zone.
Toshi
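The replies above attribute the missing zone candidates to interfaces that firewall policies already reference. The following is an added example, not code from any poster or from Fortinet: a small Python check over a configuration backup that lists which wanted VLAN interfaces appear in `srcintf`/`dstintf` of a policy. The sample configuration, interface names and policy IDs are constructed, and only firewall policy references are examined.

```python
import shlex
from collections import defaultdict

# Constructed sample in FortiOS backup style; names and policy IDs are made up.
SAMPLE_CONFIG = """\
config system interface
    edit "vlan10"
        set interface "LAG1"
        set vlanid 10
    next
end
config firewall policy
    edit 1
        set srcintf "vlan10"
        set dstintf "uplink-zone"
    next
    edit 2
        set srcintf "vlan20" "vlan10"
        set dstintf "uplink-zone"
    next
end
"""

def policy_interface_refs(config_text):
    """Map interface/zone name -> IDs of firewall policies that use it."""
    refs = defaultdict(list)
    stack, entry = [], None          # open "config" sections, current "edit" id
    for line in config_text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and len(tok) > 1:
            entry = tok[1]
        elif (tok[0] == "set" and stack == ["firewall policy"] and len(tok) > 2
              and tok[1] in ("srcintf", "dstintf")):
            for name in tok[2:]:
                if entry not in refs[name]:
                    refs[name].append(entry)
    return dict(refs)

def split_zone_candidates(wanted, refs):
    """Return (free, blocked): blocked maps a name to the policies to move first."""
    free = [n for n in wanted if n not in refs]
    blocked = {n: refs[n] for n in wanted if n in refs}
    return free, blocked

if __name__ == "__main__":
    print(split_zone_candidates(["vlan10", "vlan20", "vlan30"],
                                policy_interface_refs(SAMPLE_CONFIG)))
```
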
Copyright 2024 Fortinet, Inc. All Rights Reserved.