Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
thoufik786
New Contributor II

Created on ‎03-18-2024 12:49 AM

inter-VLAN routing issue

Hi Team,

 

I have FG FW 601E, and I am facing the below issue on that FW, Please help me to resolve the same.

 

In my FW, I have multiple VLAN interfaces, and on those interfaces, incoming traffic for a particular IP is on one interface, and outgoing traffic is on another interface, like requests via VLAN100 and responses via VLAN200.

Is it possible to redirect or reroute the traffic from one interface to another? or any other solution apart from enabling asymmetric routing?

 

Regards,

Thoubik Ahamed P.

 

Thoufik
Thoufik
Labels:
759
0 Kudos
3 REPLIES 3
syordanov
Staff
Staff

Created on ‎03-18-2024 01:23 AM

Hello Thoubik ,


As far as i understand you have topology like this :

 

VLAN100<-->Fortigate<-->VLAN200

 

Withoyt asymetric routing you can route the traffic from VLAN100 to VLAN200 or vica versa , you just need to configure proper FW rules and adjust the routing if the source/destinations are not directly connected to Fortigate.

 

Best regards,

Fortinet

.
746
0 Kudos
AEK
SuperUser
SuperUser

Created on ‎03-18-2024 01:57 AM

Hi Thoufik

I think you should try auxiliary sessions before asymmetric routing, as it is cleaner and more secure.

You just need to add a route defined on VLAN200 towards the target subnet.

Please check the below docs for more info.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Differences-between-asymmetric-routing-and...


https://community.fortinet.com/t5/FortiGate/Technical-Tip-Understanding-the-routing-decision-regardi...

 

AEK
AEK
735
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎03-18-2024 08:58 AM

Why do you need to do that? You're saying like a ping packet to the FGT is coming from 10.10.10.10 into VLAN100 but the ping reply to 10.10.10.10 needs to go out VLAN200.
Or are you saying the packets are just passing through the FGT, requests are coming from a and going out b, and replies are coming back from b and going out a?

Toshi

709
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.