No, a VLAN interface is a sub-interface on a FortiGate (a tagged VLAN on a trunk port in switching parlance).
You *could* set up a switch on the FortiGate so that more than one physical port shared the same "interface" but you wouldn't be able to tag VLANs on those ports. You'd have to connect it to a switch on an untagged VLAN to maybe kind of achieve what you're looking for, at which point why not just use a switch to begin with. Tag the VLAN going to the FortiGate and set untagged VLANs on the other ports you need instead of using the FortiGate for them.
I wouldn't do that. MGMT port is to separate management access network from all other "user" networks on the LAG. It's better kept alone with the management subnet and connected directly to the switch (access port) then you can control L2 switching/L3 routing at the L3 switch.
100% agree with Toshi. I refrained from saying anything but the design Wojtek described makes no sense to me. Management is its own thing and should be on its own interface. Can't imagine what the benefit would even be to having it on multiple interfaces.
allow-subnet-overlap is an evil option. The devil made it. Please do not use it ;)
As said a vlan on a FGT is a virtuel interface that is tied to a physical one. So the only option to share one vlan on more than one port would be either to put those ports into a switch - then they are threated as one interface and you can tie a vlan to it.
The only outher option might be Port Trunking - but then youo do no longer have sperate ports.
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Yes it's great when you have on server multiple ethernet interfaces, but most of my servers have only two ethernet ports, one iRMC and one last is for data flow and MGMT vlan, I cannot do other way like only put MGMT on VLAN, and I would like to have one MGMT subnet spread on all my Fortigate Lan ports, so this is my problem.
I cannot put lat port with my DMZ port on switch they need to be separated (security reasons).
So if your servers are needing trunk ports (which is what I'm hearing) then you need to use a managed switch to connect between your servers and the FortiGate (maybe FortiSwitch would work; I have no personal experience). There would be no security risk as your DMZ would be on its own VLAN and could not communicate with anything else. This should be very easy to accomplish with any number of managed switch vendors.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.