- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Inter-vlan routing issue
Hi, this is the network topology in the company i work for:
Switches are 2 Fortiswitches S148FP managed through fortilink from 2 FortiGate 80Fs in HA.
I am trying to set access from vlan 30 to vlan 32 (only with this direction, so i can manage the voip devices remotely) but it doesn't seem to work ( ping times out.. )
I have an active policy to accept traffic, with incoming interface the vlan 30 and outgoing vlan 32,
source vlan-30-address and destination vlan-20-address for all services with NAT disabled.
What am i doing wrong ?
Thanks in advance
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Nikos,
May I know if you are able to ping the device connected to VLAN 30 and VLAN 32 from Fortigate?
May I know if you are seeing the traffic being dropped in Logs&Reports>>forward traffic?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, i can ping both vlans from fortigate cli,
but i can't see any logs for dropped traffic
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Your FortiLink topology is not supported.
You need an ISL between the two FSW-148F switches. And you need to enable split interface on the FortiGate fortilink interface.
Graham
Created on ‎04-25-2023 02:37 AM Edited on ‎04-25-2023 02:39 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just realised that i forgot to add to the diagram, the connection the two switches share between them on port 26, but based on your answer it doesn't make much of a difference am i right ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Well it does make a difference. It needs to be there. So it's good if the link is actually there.
And have you enabled split interface on your FortiLink interface on the FortiGate?
Graham
