Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
HS08
Contributor

Created on ‎02-11-2025 04:20 AM

Vlan Trunk Over VPN

I have lant to migrate all of virtual machine to new server in different location, and we need to keep same ip address.

The vlan handled by core switch and the core switch connected to the fortinet, in new location i also have same devices and both location have internet connection.

Since the migration will done partially, this need both location should have same ip address, same vlan and can communicate each other.

So can we use VPN in fortinet to transfer Vlan ? In my mind if we can transfer vlan over VPN then the new location will have same vlan and each host on new location can communicate with devices in of location.

IF migration is done for all virtual machine then i can shutdown vlan interface on old location and make new interface vlan on core switch in new location.

Labels:
490
0 Kudos
1 Solution
funkylicious
SuperUser
SuperUser

Created on ‎02-11-2025 04:29 AM

this would be what you need for L2 networks across locations, 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-setup-a-VXLAN-over-IPsec-deployment...

or for multiple vlans

https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/821119/vxlan-over-ipsec-tunn... 

 

"jack of all trades, master of none"

View solution in original post

"jack of all trades, master of none"
481
7 REPLIES 7
funkylicious
SuperUser
SuperUser

Created on ‎02-11-2025 04:29 AM

this would be what you need for L2 networks across locations, 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-setup-a-VXLAN-over-IPsec-deployment...

or for multiple vlans

https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/821119/vxlan-over-ipsec-tunn... 

 

"jack of all trades, master of none"
"jack of all trades, master of none"
482
HS08
Contributor
In response to funkylicious

Created on ‎02-11-2025 04:57 AM

But in my case the vlan handled by core switch. Should i connect one port from core switch as trunk port and connected to the fortinet port? What ip should be assign in this fortinet port?

467
0 Kudos
funkylicious
SuperUser
SuperUser
In response to HS08

Created on ‎02-11-2025 05:10 AM Edited on ‎02-11-2025 05:10 AM

configure a port in mode access and connect the fortigate port to it.

dont assign any IPs to it, since the switch interface that you would need to create would not make the port be 'visible' for selection alongside the vxlan interface.

"jack of all trades, master of none"
"jack of all trades, master of none"
460
0 Kudos
HS08
Contributor
In response to funkylicious

Created on ‎02-11-2025 05:12 AM

so port in fortinet side is access with no IP and port in core switch as trunk port, am i right?

457
0 Kudos
funkylicious
SuperUser
SuperUser
In response to HS08

Created on ‎02-11-2025 05:23 AM Edited on ‎02-11-2025 05:23 AM

if you want to transport multiple vlans, trunk would be the case and on the Forti side you would need to create subinterfaces to tag the traffic with appropiate vlans.

 

if you only need a single vlan, then the port on the sw side should be in access vlan X.

"jack of all trades, master of none"
"jack of all trades, master of none"
452
0 Kudos
HS08
Contributor
In response to funkylicious

Created on ‎02-11-2025 05:27 AM

understood, so if i want transfer 2 vlan then i must create 2 subinterface on fortigate. Right?

446
0 Kudos
funkylicious
SuperUser
SuperUser
In response to HS08

Created on ‎02-11-2025 06:16 AM

you are correct.

"jack of all trades, master of none"
"jack of all trades, master of none"
437
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.