Set firewall in transparent mode. Set policy to allow IP gateway and IP broadcast using protocol RIP. Why does FortiGate deny IP broadcast and protocol RIP in local traffic?
Set policy as:
    set name "RIP Protocol"
    set srcintf "port1"
    set dstintf "port2"
    set action accept
    set srcaddr "gateway"
    set dstaddr "broadcast"
    set schedule "always"
    set service "RIP"
    set inspection-mode proxy
    set logtraffic all
Broadcast, Multicast, and Unicast Forwarding in Transparent mode

IPv4 packets are typically only forwarded by the FortiGate from a port to another port when a firewall policy is matched with action ACCEPT. Below are the exceptions.

- L2 (IP) broadcast frame forwarding: L2 (IP) means an L2 frame of type 0x0800 (IP) or 0x0806 (ARP).
- ARP: by default, ARP broadcasts and ARP reply packets are flooded/forwarded on all ports or VLANs belonging to the same forwarding domain, without the need for firewall policies between the ports. This default behavior is necessary to allow the population of the FDB and allow further firewall policy lookup (see section Transparent mode Firewall processing for more details). This option is configurable at the interface settings level with the parameter arpforward (enabled by default).
- Non-ARP: To forward non-ARP broadcasts, the following CLI command is used:

    config system interface
        edit "port2"
            set broadcast-forward enable
        next
    end

Related to multicast traffic, please also check below:

Multicast Processing

In Transparent mode, a FortiGate does not forward frames with multicast destination MAC addresses by default. If multicast traffic is required, multicast policies are recommended to allow finer control of this traffic.

Forwarding all multicast traffic with policy

Multicast traffic may have to be forwarded through a Transparent mode device using the multicast-skip-policy system setting. This is the configuration for this solution:

    config system settings
        set multicast-skip-policy enable
    end

In that case, no check is performed on sources/destinations/interfaces. A multicast packet received on an interface is flooded unconditionally to all interfaces (except the incoming interface) belonging to the same forwarding domain.

Configuring firewall multicast-policy

The use of firewall multicast-policy allows finer control over the multicast packets. Hereafter are some commented examples. Note that the parameter multicast-skip-policy mentioned above must be left disabled. These policies can only be configured from the CLI.

1- Simple policy

    config firewall multicast-policy
        edit 1
            set action accept
        next
    end

In that case, no check is performed on sources/destinations/interfaces. A multicast packet received on an interface is flooded unconditionally to all interfaces (except the incoming interface) belonging to the same forwarding domain.

2- To restrict incoming and outgoing interfaces:

    config firewall multicast-policy
        edit 1
            set srcintf "port1"
            set dstintf "port2"
            set action accept
        next
    end
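Putting the two mechanisms above together for the RIP case in the question, as an added configuration example (not from the original answer or from Fortinet's documentation): RIPv1 advertises to the IP broadcast address and RIPv2 to multicast group 224.0.0.9, so neither is matched by the unicast firewall policy. The interface names, policy IDs and the "RIPv2-group" address object are assumptions; the `firewall multicast-address` object and the `dstaddr` field of `multicast-policy` are used here as I understand the FortiOS CLI, so verify them against your firmware's reference.

```text
# Constructed example: FortiGate in Transparent mode, RIP routers on port1 and port2.
# Interface names, policy IDs and object names are assumptions; adjust to your unit.

# 1) RIPv1 uses IP broadcast (255.255.255.255). Broadcasts never match a
#    firewall policy, so enable broadcast-forward on both interfaces.
config system interface
    edit "port1"
        set broadcast-forward enable
    next
    edit "port2"
        set broadcast-forward enable
    next
end

# 2) RIPv2 uses multicast 224.0.0.9. Multicast frames are dropped by default.
#    Rather than multicast-skip-policy (floods everything unconditionally),
#    allow only the RIP group between the two interfaces, in both directions.
config firewall multicast-address
    edit "RIPv2-group"
        set start-ip 224.0.0.9
        set end-ip 224.0.0.9
    next
end

config firewall multicast-policy
    edit 1
        set srcintf "port1"
        set dstintf "port2"
        set dstaddr "RIPv2-group"
        set action accept
    next
    edit 2
        set srcintf "port2"
        set dstintf "port1"
        set dstaddr "RIPv2-group"
        set action accept
    next
end

# 3) The multicast policies above are only consulted while this stays disabled.
config system settings
    set multicast-skip-policy disable
end
```

The unicast policy from the question is still needed only if the routers also exchange unicast RIP (for example, RIPv2 unicast neighbors); the broadcast and multicast updates are governed entirely by the settings above.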
We would appreciate it if you could give more details on what you want to achieve. From the description you mention local traffic, which is usually interpreted as traffic destined to or originated from the FortiGate, but in the configuration sample we see traffic sourcing from port1 going to port2. Please elaborate on the problem so we can better address it and help you with your issue.