This is on a 600C, using 4.0MR3p14
Is it possible to create a soft-switch in a transparent mode VDOM?
We have a single inbound internet feed that gives us two /29 IP blocks, with VLAN Tags for each (2 and 3).
I have 10 internet facing machines, 5 each on the two /29 blocks.
I need to send each one of those blocks (and their tag) to their respective PCs.
I initially left port 5 in root, and created 2 transparent VDOMS (vdom-vlan2 and vdom-vlan3).
I then created a VLAN for each tag (DMZ2 and DMZ3) on port 5.
I assigned ports 6,7,8,9,10 to vdom-vlan2
I assigned ports 11,12,13,14,15 to vdom-vlan3
I then tried to soft-switch;
DMZ2, 6,7,8,9,10 (VLAN2Switch) and
DMZ3, 11,12,13,14,15 (VLAN3Switch).
As long as I created this in a config file and uploaded it, it worked (traffic flowed)... until the device was rebooted. Then it broke the soft-switch up again.
Is there a better way to get these 10 machines talking to port 5? They are all statically assigned.
Also, I know soft-switch forces the CPU to get involved so hardware acceleration is lost, so maybe I'm going down the wrong path.
Any assistance would be greatly appreciated!
Mmm, I think I solved it. I left everything as is, except I created a zone with ports 6,7,8,9,10 in vdom-vlan2, and a zone with ports 11,12,13,14,15 in vdom-vlan3
That appears to allow traffic to flow just fine between port 5 and all those ports individually.
Anything I should be cautious about, doing it this way? Will this make as big of a hit to the CPU as a soft-switch?