Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tbar1704
New Contributor II

Created on ‎10-16-2023 08:40 AM Edited on ‎02-26-2024 06:48 AM By Community Manager

InterVlan Routing - Not all VLAN Interfaces are on the Fortigate

I created my first VLAN Interface on the Fortigate, under the LAN port that goes to our core switch. The LAN port to the HP Switch is a Trunk port and the new VLAN is permitted on the trunk port.

 

For now all the other VLAN interfaces are on the Layer 3 Core Switch

 

I cant ping the new VLAN's interface from the Core switch directly or by one of the resources I have on the new VLAN connected to the Core switch

Labels:
5346
0 Kudos
1 Solution
Toshi_Esumi
SuperUser
SuperUser
In response to tbar1704

Created on ‎10-17-2023 10:42 AM Edited on ‎10-17-2023 10:43 AM

You should ask the HPE community why it's not working.

Creating a L3 interface wouldn't change the fact L2 is not passing through. Also it would break your design to set the FGT as a GW for VLAN 210. Because now the core switch knows the IPs in VLAN 210 exist within the switch. If other subnets/VLANs send packet toward VLAN 210, it's not going to bother sending them to the FGT but just directly sends to the destination devices.

 

Toshi

View solution in original post

5045
23 REPLIES 23
Toshi_Esumi
SuperUser
SuperUser
In response to tbar1704

Created on ‎10-17-2023 08:44 AM

No. You now can't ping within 10.1.210.0/24 subnet. Nothing to do with routing. Just L2 connectivity between the trunk port and access ports.

919
tbar1704
New Contributor II
In response to Toshi_Esumi

Created on ‎10-17-2023 10:35 AM

Create a new VLAN Interfaces on the Core switch for VLAN 210?

907
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to tbar1704

Created on ‎10-17-2023 10:42 AM Edited on ‎10-17-2023 10:43 AM

You should ask the HPE community why it's not working.

Creating a L3 interface wouldn't change the fact L2 is not passing through. Also it would break your design to set the FGT as a GW for VLAN 210. Because now the core switch knows the IPs in VLAN 210 exist within the switch. If other subnets/VLANs send packet toward VLAN 210, it's not going to bother sending them to the FGT but just directly sends to the destination devices.

 

Toshi

5046
hbac
Staff
Staff

Created on ‎10-16-2023 09:14 AM

Hi @tbar1704,

 

Can you provide a network topology? You can run the debug flow to see if the traffic is being dropped: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...

 

Regards, 

1057
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.