I have always followed the unofficial best practice of putting only one L3 net (IP network) on an L2 network. If I added a network, I added a VLAN. However, technically there is requirement for this: one can not just assign multiple IP addresses to an interface but the IPs can have different prefixes (and hence constitute different IP networks). I am considering the following scenario: I have two subnets routed over two different providers. I have some machines which should be accessible on both addresses. So I am considering creating a single VLAN called “WAN” that includes both networks. A node on this VLAN can then add either an IP from ISP1, an IP from ISP2 or both, depending on requirements. Is there anything wrong with this? Should I ALWAYS create a separate L2 network for each IP network?
I feel something isn't right with your description. First, without a switch in front of your FGT (I'm assuming you're talking about an arrangement around a FGT), you can't terminate two physical ISP circuits on one device.
Then, with FGT's VLANs, they're not independent L2 interfaces unlike L3 switches. Each VLAN is bound to an L3 interface. So you can't have multiple L3 interfaces on a VLAN.