Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fortimaster
Contributor II

Created on ‎11-13-2024 08:49 AM Edited on ‎11-13-2024 08:53 AM

Software switch witouth loop in fortigate?

Hi all, 

I have 2 switches connected to 2 fortigate interfaces that forms a software switch. This software switch routes some Vlans that terminates at these ports. Both ports share layer 2 and 3 parameters. When traffic from different vlans reaches firewalls, I route traffic between then with rules.

I won't go into the details of this design, but the switches are in different locations and need to share networks/vlans.

 

With software switch, servers from both switches can directly reach the gateway with direct connections to the firewall. In some cases, I move virtual servers between locations (using a dedicated Fiber cable) and with this topology servers works with same network configuration in both sites.

 

I would like to connect a new cable between switch 1 and switch 2 to bypass traffic between same vlans but, if I do that, I'll form a layer 2 loop. (Red line diagram). What I would like if it's possible is:

1)Use 2 different ports in firewall to can route same networks/vlans (north south).

2)Add a new connection to bypass east-west traffic between same vlans (witouth routing). I don't want in any case to use spanning tree.

 

Is there any way to do that? Changing the software switch to another type of configuration would not be a problem.topology.JPG

 

I attach a symple diagram so you can better understand the topology. I know this is probably not possible, but I prefer to confirm with you. I can't form a LAG cause switches doesn't forms an MCLAG or stack and is not possible to form it with them.

 

 

 

 

 

 

Labels:
263
0 Kudos
6 REPLIES 6
Stephen_G
Moderator
Moderator

Created on ‎11-17-2024 09:27 AM

Hello,

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Thanks,

Stephen - Fortinet Community Team
170
0 Kudos
Stephen_G
Moderator
Moderator

Created on ‎11-19-2024 11:27 AM

Hello fortimaster,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Stephen - Fortinet Community Team
132
0 Kudos
Gab_FTNT
Staff
Staff

Created on ‎11-21-2024 07:03 AM

Hello FortiMaster,

Adding the wire between Switch1 and switch2 will without any doubt create a loop in the network.
It is simply not possible from my understanding, there's no avoiding this without unplugging a port, using STP or keeping a port down.

Regards,
Gabriel

Keeping IT simple.
82
fortimaster
Contributor II
In response to Gab_FTNT

Created on ‎11-21-2024 07:47 AM

That's what I thought. Thanks for your help.

67
0 Kudos
ebilcari
Staff
Staff

Created on ‎11-21-2024 08:24 AM

STP is also not supported for Software switch. This is not the right way to configure this setup but you can try by blocking Intra-switch traffic in the software switch configuration (I haven't tested and don't know the exact behavior).

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
62
fortimaster
Contributor II

Created on ‎11-21-2024 08:34 AM

That's just that I want... I will look into it.

54
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.