Hi, Fortinet GURUs,
I have a question about VLAN settings. I've checked some documents already, but on my platform that guidance didn't work.
The topology is easy:
Fortigate1 (ROOT VDOM only) port1 <-----> (port1) Cisco L2 switch (port2) <---> Fortigate2 (ROOT VDOM only) port1
On FG1, a VLAN interface "vlan_20" is created on port1 with IP 1.1.1.1/30, VLAN ID 20.
On FG2, a VLAN interface "vlan_20" is created on port1 with IP 1.1.1.2/30, VLAN ID 20.
On Cisco switch ports 1 and 2, dot1q trunk encapsulation has been enabled, and VLAN 20 is created.
Very easy settings.
However, from the FG1 ROOT VDOM, I can't ping 1.1.1.2...
I don't understand why...
Could anyone please advise?
Thanks.
Have you allowed ping on the vlan interfaces? It's under the interface definition, not a security policy.
Hi, Tanr,
I enabled "ping" on the VLAN interface already.
Is the switch allowing tagged packets on both sides? The FortiGate only does VLANs with tags.
Are you pinging from the FortiGate (exec ping) or from a different device? If pinging from the FortiGate, have you set the source-ip (under exec ping-options)?
What do you see from a traceroute? Could your routes be misdirecting this?
Hi,
Did you implement the sub-VLAN interface on the FortiGates with VLAN ID 20, or simply configure the network on the physical port itself?
Is the trunk/tagged link on your Cisco switch using VLAN 20 as the native VLAN?
Check that ARP is resolving ("get system arp") and that ICMP is allowed on the interfaces of both appliances.
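The setup the replies above are asking about, written out as an added example (this is not configuration posted by anyone in the thread): the FortiGate 802.1Q sub-interface with ping allowed on the interface itself, the two switch ports as tagged trunks with VLAN 20 explicitly allowed and an unused native VLAN, the broken "native vlan 20" variant that makes the FortiGate drop the frames, and the checks to run on each side. The switch interface names (GigabitEthernet1/0/1 and 1/0/2), the description strings and native VLAN 999 are assumptions made for the example.

```text
# ===== FortiGate FG1 (FortiOS CLI) =====
# vlan_20 is a child of port1; port1 itself carries no IP for this link.
# "ping" has to be allowed on the interface: a firewall policy does not
# cover traffic destined to the FortiGate's own address.
config system interface
    edit "vlan_20"
        set vdom "root"
        set interface "port1"
        set vlanid 20
        set ip 1.1.1.1 255.255.255.252
        set allowaccess ping
    next
end
# FG2 is identical apart from:  set ip 1.1.1.2 255.255.255.252

! ===== Cisco IOS switch =====
! Interface names, descriptions and VLAN 999 are assumptions for this example.
vlan 20
 name fg-transit
!
vlan 999
 name unused-native
!
interface GigabitEthernet1/0/1
 description to FG1 port1
 ! "encapsulation dot1q" is only needed (and only accepted) on platforms that also support ISL
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 20
 switchport trunk native vlan 999
!
interface GigabitEthernet1/0/2
 description to FG2 port1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 20
 switchport trunk native vlan 999
!
! Broken variant of either port (the "native VLAN" question above):
!   switchport trunk native vlan 20
! VLAN 20 frames then leave the switch UNTAGGED. The FortiGate's vlan_20
! sub-interface only accepts tagged frames, so it never sees them and the
! ping fails even though every address is correct.
!
! Optional hardening where the platform supports it: tag the native VLAN too,
! so no untagged frame is ever accepted or emitted on a trunk.
vlan dot1q tag native

! ===== Checks: switch =====
show interfaces trunk
! expected for Gi1/0/1 and Gi1/0/2: Encapsulation 802.1q, Native vlan 999,
! and 20 listed under "Vlans allowed and active"

# ===== Checks: FG1 (FortiOS CLI) =====
# Source the ping from the VLAN address, otherwise FortiOS may pick another interface's IP.
execute ping-options source 1.1.1.1
execute ping 1.1.1.2
# 1.1.1.2 should appear with a MAC address; "incomplete" means no tagged reply arrived.
get system arp
# Requests leaving but no replies on vlan_20 points at the trunk (native VLAN,
# allowed-VLAN list), not at the FortiGate.
diagnose sniffer packet vlan_20 'icmp' 4
```

The order of the checks matters: if `get system arp` already shows 1.1.1.2 resolved, layer 2 is fine and the problem is ICMP access on the far side; if it stays incomplete while the sniffer shows ARP requests going out on vlan_20, the tagged frames are being stripped or filtered on the trunk.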