Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BusinessUser
Contributor

Created on ‎05-30-2023 12:16 AM

Is A Fortigate Firewall Interface An Access port or a trunk Port?

If we use a "hardware switch" or "software switch" and then we configure an ip address to it like a switch virtual interface, is the physical port an access port or a trunk port? 

Labels:
17492
0 Kudos
9 REPLIES 9
scan888
Contributor

Created on ‎05-30-2023 12:32 AM

Hi 

The IP-address directly configured on the "Switch" is untagged. 

If you would like to tag more VLANs. Create an new VLAN-Interface with reference your "Switch".

 

- Have you found a solution? Then give your helper a "Like" and mark the solution.
- Have you found a solution? Then give your helper a "Like" and mark the solution.
17483
chenliang
New Contributor
In response to scan888

Created on ‎03-06-2024 10:51 PM

so  configured on "hardswitch"  ip/netmask is juest like native vlan and others like tags vlan?

10071
0 Kudos
Christian_89
Contributor III

Created on ‎05-30-2023 12:46 AM

In Fortinet's FortiGate firewall, the interface can be configured either as an access port or a trunk port, depending on your requirements.

1. Access Port: If you configure a FortiGate interface as an access port, it is connected to a single VLAN and carries traffic only for that VLAN. In this mode, the interface is not expected to handle VLAN tags.

2. Trunk Port: If you configure a FortiGate interface as a trunk port, it can carry traffic for multiple VLANs. In this mode, the interface is capable of handling VLAN tags and allows traffic from different VLANs to pass through.

Regarding the second part of your question, if you are using a "hardware switch" or "software switch" and configuring an IP address on it, the physical port connected to the switch behaves as an access port. The switch itself handles the traffic between VLANs and routes traffic based on the IP address assigned to the switch virtual interface (SVI) or VLAN interface.

In this setup, the physical port is not responsible for handling VLAN tagging or carrying traffic for multiple VLANs. Instead, the switch handles the VLAN tagging and routing internally, while the physical port is treated as an access port connecting to the switch.

17475
BusinessUser
Contributor
In response to Christian_89

Created on ‎05-30-2023 04:19 AM

Ok.  How do you configure a trunk port then?

I am familiar with cisco but not fortigate.

17446
0 Kudos
scan888
Contributor
In response to BusinessUser

Created on ‎05-30-2023 11:48 PM

Hi,

First of all, I recommend to do a NSE4 Course to learn the Fortinet Basic stuff. There are multiple offers from training partners or free video course on https://training.fortinet.com

Additional you will found all information in the adminstrator guides from https://docs.fortinet.com

In your situation, the following Docs page will help you: https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/402940/vlan

 

To create the port as "trunk" port you need to create VLAN-Interfaces:

config system interface
    edit <Name of your VLAN>
        set vdom root
        set interface <your Switch Interface Name>
        set type vlan
        set vlanid <VLAN-ID>
        set mode static
        set ip <IP-Address, incl. subnet>
        set allowaccess https ping
    next
end
- Have you found a solution? Then give your helper a "Like" and mark the solution.
- Have you found a solution? Then give your helper a "Like" and mark the solution.
17423
BusinessUser
Contributor
In response to scan888

Created on ‎05-31-2023 12:04 AM

I have seen a vlan interface.

But can you add multiple vlans on the same interface?

17417
0 Kudos
scan888
Contributor
In response to BusinessUser

Created on ‎05-31-2023 12:05 AM

Yes you can.
As the same way as my example.

- Have you found a solution? Then give your helper a "Like" and mark the solution.
- Have you found a solution? Then give your helper a "Like" and mark the solution.
17416
BusinessUser
Contributor
In response to scan888

Created on ‎03-06-2024 11:55 PM

I assume it can be done using GUI as well for multiple interfaces?

10056
0 Kudos
hbac
Staff
Staff
In response to BusinessUser

Created on ‎03-07-2024 07:09 AM

Hi @BusinessUser,

 

Yes, you can create VLAN interfaces on the GUI. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-VLAN-tagged-interface-802-...

 

Regards, 

10027
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.