- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- FortiWebCloud
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Transparent mode in the middle of 802.1q trunk
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Transparent mode in the middle of 802.1q trunk
Hi,
the firewall is dropping all my traffic from the vlans in the trunk.
any1?
player.
rock the boat , dont sink the ship
player. rock the boat , dont sink the ship
8 REPLIES 8
Not applicable
Created on 05-12-2008 06:46 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Your question is vague to me but I will tell you that I have found that when running multiple VLANs through a trunk on the Fortigates in TP Mode you have to create a VDOM for each VLAN. Otherwise the sessions get jacked somehow. Somehow the session tables will see traffic from 1 VLAN going through and coming back on another which will screw the session tables up unless you VDOM the VLANS off.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
suppose that i have 100 vlans in that trunk, i need to creat 100 vdoms for each one?
seems a little bit funny and not real.
there must be a way to deploy the FGT in the middle of the trunk in tp mode...
player.
rock the boat , dont sink the ship
player. rock the boat , dont sink the ship
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This supports my post:
http://kc.fortinet.com/default.asp?id=791&Lang=1&SID=
Not applicable
Created on 05-13-2008 06:03 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hello,
try to create a pair of vlan interface in each vlan id, example:
vlan99-wan1
vlan id=99
physical interface=wan1
vlan99-internal
vlan id=99
physical interface=internal
firewall policy: vlan99-wan1 > vlan99-internal and vice versa,
and so on with other different vlan id.
if it' s not working, then you should use per-vlan-vdom or forward-domain per vlan interface.
Regards,
Fadhil
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
rather building VDOMs for each pair - you simply can put each
VLAN-pair into a " L2 forwarding domain"
#conf sys inter edit vlan_p1_100 set fwdomain 123 next edit vlan_p2_100 set fwdomain 123 next edit vlan_p1_200 set fwdomain 987 next edit clan_p2_200 set fwdomain 987check the CLI Ref guid for " set fwdomain" Broadcasts (like ARP) are only forwarded within one fwdomain (or vdom) -R.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What Fortinet recommend when you have a lot of VLANS is just what red.adair said, put each VLAN in a separate L2 forwarding domain.
http://docs.fortinet.com/fgt/techdocs/fortigate-vlans-vdoms.pdf Page 195
Layard Terrero
Layard Terrero
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
d!rk' s pointer is this (it' s an old article:)
" Avoiding ARP problems with VLANs in Transparent mode"
http://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=10791
And this looks like your solution on a silver platter:
" Technical Note : Configuring a FortiGate in Transparent mode with trunks (802.1q - VLANs) and forwarding domains"
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30083
supplemented by
" Technical Tip: Configuring a FortiGate in Transparent mode to forward traffic on VLANs and remapping VlanID using forwarding domains"
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD32877
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I started reading this and saw names from WAYYYY back... This post is as old as dirt...
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Multi-Level Network Connectivity Issues 709 Views
- FortiAP issue connected to fortiswitch 1391 Views
- How transparent is "transparent" 1015 Views
- Fortigate 500E Active-Active Transparent mode 2009 Views
- Separate LAN hosts 5052 Views
Labels
-
FortiGate
7,247 -
FortiClient
1,430 -
5.2
801 -
5.4
639 -
FortiManager
628 -
FortiAnalyzer
465 -
6.0
416 -
FortiAP
378 -
FortiSwitch
376 -
5.6
362 -
FortiClient EMS
292 -
FortiMail
282 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
178 -
FortiNAC
130 -
6.4
128 -
FortiGuard
117 -
SSL-VPN
112 -
IPsec
112 -
FortiGateCloud
97 -
FortiSIEM
95 -
FortiCloud Products
90 -
FortiToken
77 -
Customer Service
71 -
Wireless Controller
66 -
4.0MR3
64 -
SD-WAN
52 -
FortiProxy
49 -
FortiEDR
46 -
FortiADC
45 -
Fortivoice
44 -
FortiDNS
40 -
FortiGate v5.4
36 -
FortiSandbox
36 -
FortiExtender
35 -
FortiAuthenticator
35 -
Firewall policy
35 -
VLAN
32 -
FortiSwitch v6.4
32 -
High Availability
32 -
DNS
25 -
ZTNA
24 -
FortiWAN
24 -
LDAP
24 -
FortiConnect
24 -
FortiConverter
23 -
BGP
22 -
Certificate
21 -
Interface
21 -
SAML
20 -
FortiGate v5.2
20 -
Authentication
18 -
FortiPortal
18 -
Routing
18 -
FortiSwitch v6.2
17 -
VDOM
17 -
FortiLink
16 -
FortiMonitor
15 -
RADIUS
15 -
NAT
15 -
Logging
15 -
FortiGate v5.0
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
SSL SSH inspection
13 -
Virtual IP
12 -
FortiCASB
12 -
Web profile
11 -
Traffic shaping
11 -
Application control
11 -
SSO
10 -
FortiRecorder
10 -
SSID
9 -
FortiSOAR
9 -
FortiWeb v5.0
9 -
IP address management - IPAM
9 -
FortiManager v5.0
9 -
OSPF
9 -
4.0MR2
9 -
WAN optimization
9 -
RMA Information and Announcements
8 -
Proxy policy
8 -
FortiAnalyzer v5.0
8 -
FortiBridge
8 -
SNMP
8 -
FortiGate v4.0 MR3
8 -
Admin
8 -
Web application firewall profile
7 -
Static route
7 -
Security profile
7 -
FortiAP profile
7 -
Automation
7 -
4.0
7 -
Traffic shaping policy
6 -
trunk
6 -
IPS signature
5 -
Packet capture
5 -
Port policy
5 -
Antivirus profile
5 -
System settings
5 -
DNS Filter
5 -
FortiCache
5 -
FortiTester
5 -
FortiManager v4.0
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Web rating
4 -
Intrusion prevention
4 -
Traffic shaping profile
4 -
FortiPAM
4 -
Fortinet Engage Partner Program
4 -
FortiCarrier
4 -
3.6
4 -
FortiScan
4 -
DLP sensor
4 -
DoS policy
4 -
Email filter profile
3 -
Fabric connector
3 -
NAC policy
3 -
Users
3 -
Multicast routing
3 -
FortiToken Cloud
3 -
Application signature
3 -
DLP Dictionary
3 -
FortiDB
3 -
DLP profile
3 -
FortiInsight
2 -
Netflow
2 -
Protocol option
2 -
Zone
2 -
FortiNDR
2 -
FortiAI
2 -
FortiHypervisor
2 -
Schedule
2 -
Authentication rule and scheme
2 -
Explicit proxy
2 -
Internet Service Database
2 -
VoIP profile
2 -
4.0MR1
1 -
File filter
1 -
RIP
1 -
Multicast policy
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
TACACS
1 -
Replacement messages
1 -
FortiManager-VM
1 -
SDN connector
1 -
Service
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.