Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Itaid
New Contributor

Vlan and Trunk

vlan.jpg

Best Way to configure Fortinet 60f as per given topology. In this topology every Lan5 -Lan 7 is connected to L2 manageable switches. All client devices are connected through these L2 switches.  What will be the best possible configuration?

9 REPLIES 9
ebilcari
Staff
Staff

This will depend, are these Fortiswitches, do you need to span same VLANs through all the switches, is there any throughput requirement for horizontal traffic?

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Itaid
New Contributor

No these are not Fortiswitches, they may be any other switches from different vendors such as cisco, ruijie etc. I need all VLANs through all switches and no throughput requirement.

ebilcari

The easiest way could be creating a hardware switch with these 4 interfaces and create VLANs on top of it, like this:

vlan-ex.PNG

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Itaid
New Contributor

you are using software switch in above diagram. Is hardware switch and software switch same?

ebilcari

Currently I have access to a FGT VM that doesn't support a HW SW :)

From the configuration perspective is the same, but there are differences and using a hardware switch is recommended in FGT models that support it. In the section of the guide here there is a table that list the differences.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Itaid
New Contributor

There is no option of hardware switch in some models. I'm not sure if it is available in 60F or not!

ebilcari

Based on the Hardware Acceleration guide and its architecture, this model should support hardware switch.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Toshi_Esumi
SuperUser
SuperUser

By the way, the 60F doesn't have LAN6-8. It has 1-5 LAN port, a/b fortilink ports, and DMZ port. So you have to utilize a/b and DMZ as LAN6-8 if LAN1-5 are pre-occupied.
All of them are under the same switching fabric so you can bind them into a hardware-switch(or VLAN switch by default) once you removed a and b from fortilink.
https://docs.fortinet.com/document/fortigate/7.6.1/hardware-acceleration/758378/fortigate-60f-and-61...

Toshi

Itaid

Yes indeed, port 1-5 is free and not occupied. So we can use 1-5 instead of 6-8.Can you please elaborate with example or  configuration of using vlan switch?

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors