BusinessUser
Contributor

Is A Fortigate Firewall Interface An Access port or a trunk Port?

If we use a "hardware switch" or "software switch" and then configure an IP address on it, like a switch virtual interface, is the physical port an access port or a trunk port?

scan888
Contributor

Hi 

The IP-address directly configured on the "Switch" is untagged. 

If you would like to tag more VLANs, create a new VLAN interface that references your "Switch".

 

- Have you found a solution? Then give your helper a "Like" and mark the solution.
chenliang

So the ip/netmask configured on the "hardswitch" is just like a native VLAN, and the others are like tagged VLANs?

Christian_89
Contributor III

In Fortinet's FortiGate firewall, the interface can be configured either as an access port or a trunk port, depending on your requirements.

1. Access Port: If you configure a FortiGate interface as an access port, it is connected to a single VLAN and carries traffic only for that VLAN. In this mode, the interface is not expected to handle VLAN tags.

2. Trunk Port: If you configure a FortiGate interface as a trunk port, it can carry traffic for multiple VLANs. In this mode, the interface is capable of handling VLAN tags and allows traffic from different VLANs to pass through.

Regarding the second part of your question, if you are using a "hardware switch" or "software switch" and configuring an IP address on it, the physical port connected to the switch behaves as an access port. The switch itself handles the traffic between VLANs and routes traffic based on the IP address assigned to the switch virtual interface (SVI) or VLAN interface.

In this setup, the physical port is not responsible for handling VLAN tagging or carrying traffic for multiple VLANs. Instead, the switch handles the VLAN tagging and routing internally, while the physical port is treated as an access port connecting to the switch.

BusinessUser

Ok. How do you configure a trunk port then?

I am familiar with Cisco but not FortiGate.

scan888

Hi,

First of all, I recommend doing an NSE4 course to learn the Fortinet basics. There are multiple offers from training partners, or free video courses on https://training.fortinet.com

Additionally, you will find all the information in the administrator guides at https://docs.fortinet.com

In your situation, the following Docs page will help you: https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/402940/vlan

 

To make the port a "trunk" port, you need to create VLAN interfaces:

config system interface
    edit <Name of your VLAN>
        set vdom root
        set interface <your Switch Interface Name>
        set type vlan
        set vlanid <VLAN-ID>
        set mode static
        set ip <IP-Address, incl. subnet>
        set allowaccess https ping
    next
end
- Have you found a solution? Then give your helper a "Like" and mark the solution.
BusinessUser

I have seen a vlan interface.

But can you add multiple vlans on the same interface?

scan888

Yes, you can, in the same way as in my example.

- Have you found a solution? Then give your helper a "Like" and mark the solution.
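
An added example (not from the thread or from Fortinet): a small Python audit helper that reads a `config system interface` block, groups the tagged VLAN interfaces by parent to show which ports act as trunks, and lists every interface whose `allowaccess` includes an admin protocol. The sample config, the interface names and the `MGMT` set are assumptions made for illustration.

```python
# Constructed sample: names, VLAN IDs and addresses are made up.
SAMPLE_CONFIG = """\
config system interface
    edit "lan"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh
    next
    edit "vlan10_users"
        set ip 10.0.10.1 255.255.255.0
        set allowaccess ping
        set interface "lan"
        set vlanid 10
    next
    edit "vlan20_guest"
        set ip 10.0.20.1 255.255.255.0
        set allowaccess https ping
        set interface "lan"
        set vlanid 20
    next
end
"""
MGMT = {"http", "https", "ssh", "telnet"}  # assumed set of admin protocols to flag

def parse_interfaces(text):
    """Return {name: {setting: value}} for each 'edit' entry in the block."""
    interfaces, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("edit "):
            current = interfaces.setdefault(line[5:].strip('" '), {})
        elif line == "next":
            current = None
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            current[key] = value.replace('"', "").strip()
    return interfaces

def trunk_report(text):
    """Return ({parent: {vlan_id: name}}, [admin-access findings])."""
    trunks, findings = {}, []
    for name, cfg in parse_interfaces(text).items():
        exposed = sorted(MGMT & set(cfg.get("allowaccess", "").split()))
        if exposed:
            findings.append(f"{name}: admin access via {', '.join(exposed)}")
        if "vlanid" in cfg:  # tagged sub-interface; entries without it are untagged
            parent = cfg.get("interface", "?")
            trunks.setdefault(parent, {})[int(cfg["vlanid"])] = name
    return trunks, findings

if __name__ == "__main__": print(trunk_report(SAMPLE_CONFIG))
```

A parent with more than one VLAN ID under it is carrying tagged traffic for each of them, and each finding is an interface where the firewall's own admin services are reachable from that segment.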
BusinessUser

I assume it can be done using GUI as well for multiple interfaces?

hbac

Hi @BusinessUser,

 

Yes, you can create VLAN interfaces on the GUI. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-VLAN-tagged-interface-802-...

 

Regards, 
