
L2 VPN over Internet with FortiGate VM02


Hello everyone,

I need your opinions and experience to help me in my design. Here is my architectural diagram:

[Image: architecture diagram, "Schéma Forti.drawio"]

I want VLAN10 from site A to be able to join VLAN10 from site B. Same for VLAN20 and VLAN30.

I also want each VLAN to be able to join the internet.

And finally, I also want VLAN10, 20, 30 to be able to join together, via the FortiGate filtering rules.


What is the best way to get there?

Thanks for your help!



VXLAN over IPsec is the typical Forti-solution for extending L2 over a VPN.

You can start here:

[ corrections always welcome ]

I tried following this documentation:


But I'm stuck at step 6: set member "port1" "vxlan".


Unable to add my port1 in my virtual-wire-pair. I can't understand why...


To fix this, you will most likely need to remove all references to port1 (i.e. delete existing policies).


But you probably don't want to do this with VWP. I would expect that implementation with a virtual switch is more universal and useful for customers. This doc is better, but you need to ignore the Hub-and-spoke setup and do it for a simple site-to-site.

[ corrections always welcome ]
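
As an added illustration of the advice above about removing references to port1 (not code from the thread or from Fortinet): a small Python script that walks a saved FortiOS configuration and lists every setting that names a given interface, so the entries to review are known before changing anything. The sample configuration is constructed, and the function name `find_references` is hypothetical.

```python
import shlex

# Constructed sample in FortiOS backup syntax (not taken from the thread).
SAMPLE_CONFIG = """
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.0.2.1 255.255.255.0
    next
end
config firewall policy
    edit 1
        set srcintf "port1" "port3"
        set dstintf "port2"
    next
    edit 2
        set srcintf "port10"
        set dstintf "port2"
    next
end
config router static
    edit 1
        set device "port1"
    next
end
"""

def find_references(config_text, ifname):
    """Return (block path, setting) for each 'set' whose value names ifname."""
    stack, hits = [], []  # stack holds the open config/edit blocks
    for raw in config_text.splitlines():
        try:
            tok = shlex.split(raw)  # handles quoted, multi-value settings
        except ValueError:
            continue  # unbalanced quote (multi-line value): skip the line
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok))
        elif tok[0] == "edit" and len(tok) > 1:
            stack.append("edit " + tok[1])
        elif tok[0] in ("next", "end") and stack:
            stack.pop()  # 'next' closes an edit, 'end' closes a config
        elif tok[0] == "set" and ifname in tok[2:]:
            # Whole-token match, so "port10" is not reported for "port1".
            hits.append((" / ".join(stack), " ".join(tok[1:])))
    return hits
```

Calling `find_references(SAMPLE_CONFIG, "port1")` returns the policy and static-route entries that name port1; the interface's own definition is not reported because none of its settings use the name as a value.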
