I just purchased a 200D and am learning as I go. I have 2 Adtran 1534P switches, and I wand to create two two-port trunks, one for each switch. I've created trunks on each switch, and they work properly between each other. On the 200D I created the interfaces (ports 13+14 for one, and ports 15+16 for the other) and the filters that I think I need. I am not sure if I need to configure static routes, but I tried using just the default route, and adding routes for the two trunks, but in either case the trunks don't communicate with the switches (I tried pinging from the 200D out to the switches, and from the switches into the 200D). I am sure I am missing some critical setting but I haven't been able to figure it out, so I'm asking if anyone can spot where I am going wrong and help me out. The 200D is using v 5.0 build 0292 firmware. (I'm waiting on our new fiber line to connect to the internet and update). Thanks.
Not sure where your problem lies, but for one thing, I would narrow down the scope of those policies, from 'any' to the IP ranges that you really need to connect to. 'Any' though easy, makes troubleshooting really difficult. Create policies from 'Admin' to 'switch 1', for example and try again.
Also, use the diag debug commands to really see where the traffic is going, as opposed to guessing.
Thirdly, check your routing table to see if routes exist between your FGT and your switches.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
So you have a ethernet bundle have you configured the correct settings on the switch? Also what happens if you have no 802.3ad and just a spann'd vlan, can you set an address up and ping across it?
Without seeing the switch and fw cli configurations, we would only be guessing.
FWIW; I would review the allow vlan list for the adtran and ensure the vlan matches and are create & try the setup with just a single-port and single-vlan 1st to work out your bugs.
Ken
PCNSE
NSE
StrongSwan
It sounds like you want both switches to be on the same L2 network as each other.e.g. port 13+14 and port 15+16 to be on the same fortigate hardware or software switch so you can forward traffic (layer2) from Switch1 to Switch2 - is that the case?
When you create a trunk(aka 802.3ad LAG/EtherChannel) on the Fortigate the ports are on their own L3 interface so to get traffic from switch1 on port13+14 to switch 2 on port15+16 you would need to route using IP and firewall policies- via different layer3 addresses. You cannot add a 802.3ad agg interface as a member of a hardware switch or software switch which would be required to allow L2 traffic between the 2 x 802.3ad agg
Depending on the bandwidth you want to pass through the FG you would be better stacking the switches (if supported) and using a multichassis TRUNK (802.3ad) to the Fortigate. e.g. port13 stack1-switch1, port14 stack1-switch2.
If stacking and multichassis support is not possible on the switches, rather than an 802.3ad you could create a 'redundant interface' which would work active/passive.
Sorry I haven't responded, I've been busy with another problem. Yes, I simply wanted to aggregate the links between the Fortigate and the Adtran switches for better throughput. I had originally set up two aggregated interfaces separate from the switch interface, with routes and policies, but was having problems, so I removed those and used a single port from the switch interface to each of the switches, so I would have something working. But I've put off solving this problem to have time to solve another - which I'm posting on a separate thread. Thanks for all the help so far - I'll be back to go further!!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1787 | |
1117 | |
768 | |
447 | |
242 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.