Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Nikos-Maniatis
New Contributor

Inter-vlan routing issue

Hi, this is the network topology in the company i work for:

Local_Net.drawio.png

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Switches are 2 Fortiswitches S148FP managed through fortilink from 2 FortiGate 80Fs in HA.
I am trying to set access from vlan 30 to vlan 32 (only with this direction, so i can manage the voip devices remotely) but it doesn't seem to work ( ping times out.. )
I have an active policy to accept traffic, with incoming interface the vlan 30 and outgoing vlan 32,
source vlan-30-address and destination vlan-20-address for all services with NAT disabled.
What am i doing wrong ? 
Thanks in advance

5 REPLIES 5
knagaraju
Staff
Staff

Hello Nikos,
May I know if you are able to ping the device connected to VLAN 30 and VLAN 32 from Fortigate?
May I know if you are seeing the traffic being dropped in Logs&Reports>>forward traffic?

Nikos-Maniatis

Hi, i can ping both vlans from fortigate cli,
but i can't see any logs for dropped traffic

gfleming
Staff
Staff

Your FortiLink topology is not supported.

 

You need an ISL between the two FSW-148F switches. And you need to enable split interface on the FortiGate fortilink interface.

 

https://docs.fortinet.com/document/fortiswitch/7.2.4/fortilink-guide/801190/ha-mode-fortigate-units-...

Cheers,
Graham
Nikos-Maniatis

I just realised that i forgot to add to the diagram, the connection the two switches share between them on port 26, but based on your answer it doesn't make much of a difference am i right ?

gfleming

Well it does make a difference. It needs to be there. So it's good if the link is actually there.

 

And have you enabled split interface on your FortiLink interface on the FortiGate?

Cheers,
Graham
Top Kudoed Authors