Q1 How do you configure a switch virtual interface and do VLAN tagging on the firewall ports using the GUI?
Q2 If it is possible, pls do guide me and advise if I am supposed to use a software switch or a hardware switch?
Q3 How come there can be 3 IP addresses for the physical and virtual interfaces? IP addresses should only be on the physical or virtual interface, not both. (There are one physical and 2 virtual interfaces.)
Q4 How do you configure an interface and assign sub-interfaces to it using the GUI?
A1. Again no SVI. No way with FortiGates. FGTs are not "L2/L3 switch-router".
Toshi
Hello.
Please check this article here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-VLAN-tagged-interface-802-...
Hello,
Thank you for your questions.
Answer to your Q1 and Q3: go to Network -> Interfaces -> Create New.
There you have the option to create different types of interfaces, for example Virtual-switch and hardware-switch (some options might be missing based on model, firmware, etc). You also have the option to enable and configure a secondary IP address on the interface.
The difference between software-switch and hardware-switch is that not all devices have the option to create a hardware-switch. The purpose of a hardware-switch is to bind together multiple hardware ports. The main difference is that traffic via a hardware-switch can be offloaded to the ASIC, while a software-switch processes all packets via the CPU:
https://docs.fortinet.com/document/fortigate/6.2.10/cookbook/100999/hardware-switch
And to answer your last question: it depends what kind of sub-interface you want to create. For example, if you are creating a VLAN, you need to specify which parent interface this VLAN belongs to. If you are creating an IPsec tunnel, then after you configure it, and if you configure a route-based VPN, the system will create a tunnel interface, etc.
Hi,
So a VLAN is a physical VLAN?
A software switch is a logical VLAN?
I want to create a router on a stick.
One interface has multiple VLANs.
This is the sub-interface I want to create.
How to do it?
Hey,
As my colleague shared the docs, check this:
This will show you how to create a VLAN on a specific interface.
A VLAN is not a physical interface and a software-switch is not a logical VLAN. A software-switch is a switch.
OK. In that case, since a software switch is not a logical VLAN, how do I create a logical VLAN?
How do you differentiate between a logical and a physical VLAN?
For these 3 interfaces, why is it possible to assign IP addresses on physical and logical interfaces at the same time?
If I connect to this interface, what IP address will I get?
Hello,
In your case, the internal2 interface is untagged, SVI-1 is tagged as VLAN 1 and SVI-10 is tagged as VLAN 10, I guess. So if you connect a PC directly to the internal2 interface, without any config, the PC will send untagged traffic. So you will get an IP from that interface. If you put a switch in the middle, the switchport connected to the FortiGate should be a trunk. And the rest should be clear: based on the access port VLAN, traffic will be received by the interface matching the VLAN tag.
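The receive behaviour described in the reply above, as an added example that is not part of the original thread and is not Fortinet code: a simplified model that reads the 802.1Q tag of an Ethernet frame and picks the parent port or the matching VLAN sub-interface. The interface table, the `build_frame` and `classify` helpers and the sample frames are constructed for illustration, and the model assumes a tagged frame with no matching sub-interface is not accepted.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tagged frame

# Constructed table mirroring the thread: internal2 is the untagged parent,
# SVI-1 and SVI-10 are VLAN sub-interfaces attached to it.
SUBINTERFACES = {("internal2", 1): "SVI-1", ("internal2", 10): "SVI-10"}


def build_frame(vlan_id=None, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame, optionally carrying an 802.1Q tag."""
    dst, src = b"\xaa" * 6, b"\xbb" * 6
    if vlan_id is None:
        # Untagged: what a PC plugged straight into the port sends.
        return dst + src + struct.pack("!H", ethertype) + payload
    tci = vlan_id & 0x0FFF  # priority and DEI bits left at 0
    # Tagged: what a switch trunk port sends for an access VLAN.
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def classify(port, frame):
    """Return the logical interface that receives `frame` arriving on `port`.

    Untagged frames land on the parent port itself. Tagged frames land on
    the sub-interface of that parent with the same VLAN ID, or None when no
    such sub-interface exists (assumption of this model: not accepted).
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return port
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return SUBINTERFACES.get((port, tci & 0x0FFF))


if __name__ == "__main__":
    for vid in (None, 1, 10, 20):
        print(vid, "->", classify("internal2", build_frame(vid)))
```

Because the lookup key is the pair of parent port and VLAN ID, each of the three interfaces can hold its own IP address without conflict: they receive different traffic.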
Hi,
Q1 Is it possible not to configure any IP addresses on the first interface and only configure them on the sub-interfaces?
Q2 Is it possible to form an EtherChannel and configure IP addresses only on the sub-interfaces?
BTW, with FortiGate architecture, "SVI" concept doesn't exist. All sub-interfaces are attached to their parent interfaces. The parent can be a single physical port, aggregated LAG interface, combined hard- or soft-switch interface. But never "float" with a VLAN tag.
Toshi
Good day,
Q1 Since there is no way to configure a logical VLAN, is there any workaround for this?
Also, I am still confused between a software switch and a VLAN.
Q2 Isn't a VLAN a virtual switch, so a virtual switch is the same as a software switch?
I am new to FortiGate, so please kindly clarify my questions.
Thank you.