Fortinet Community

Nikos-Maniatis · ‎04-20-2023

Hi, this is the network topology in the company i work for:

Switches are 2 Fortiswitches S148FP managed through fortilink from 2 FortiGate 80Fs in HA.
I am trying to set access from vlan 30 to vlan 32 (only with this direction, so i can manage the voip devices remotely) but it doesn't seem to work ( ping times out.. )
I have an active policy to accept traffic, with incoming interface the vlan 30 and outgoing vlan 32,
source vlan-30-address and destination vlan-20-address for all services with NAT disabled.
What am i doing wrong ?
Thanks in advance

knagaraju · ‎04-20-2023

Hello Nikos,
May I know if you are able to ping the device connected to VLAN 30 and VLAN 32 from Fortigate?
May I know if you are seeing the traffic being dropped in Logs&Reports>>forward traffic?

Nikos-Maniatis · ‎04-20-2023

Hi, i can ping both vlans from fortigate cli,
but i can't see any logs for dropped traffic

gfleming · ‎04-20-2023

Your FortiLink topology is not supported.

You need an ISL between the two FSW-148F switches. And you need to enable split interface on the FortiGate fortilink interface.

https://docs.fortinet.com/document/fortiswitch/7.2.4/fortilink-guide/801190/ha-mode-fortigate-units-...

Cheers,
Graham

Nikos-Maniatis · ‎04-25-2023

I just realised that i forgot to add to the diagram, the connection the two switches share between them on port 26, but based on your answer it doesn't make much of a difference am i right ?

gfleming · ‎04-25-2023

Well it does make a difference. It needs to be there. So it's good if the link is actually there.

And have you enabled split interface on your FortiLink interface on the FortiGate?

Cheers,
Graham

Fortinet Community

Inter-vlan routing issue