FortiGate
gfranceschi
Staff
Article Id 197611

Description
This article gives a configuration example of how to forward traffic between two VLANs in transparent mode.

For more information on trunks, VLANs, forwarding domains and VDOMs, please refer to the related articles.

Case Scenario:

  • Two VLANs share a common IP subnet
  • The administrator wants the FortiGate in transparent (TP) mode to forward traffic between the VLANs
  • Traffic arriving on vlan104-105_intern in frames tagged with VLAN ID 104 is forwarded out of interface vlan104-105_extern in frames tagged with VLAN ID 105

Solution:

  • Assign both interfaces to the same forwarding domain


Scope
All FortiGates or VDOMs running in transparent mode.
Solution

Step 1: Create VLANs and forwarding domains

config system interface
    edit "vlan104-105_intern"
        set forward-domain 104
        set interface "port2"
        set vlanid 104
    next
    edit "vlan104-105_extern"
        set forward-domain 104
        set interface "port3"
        set vlanid 105
    next
end

Step 2: Create the appropriate firewall policies

config firewall policy
    edit 3
        set srcintf "vlan104-105_intern"
        set dstintf "vlan104-105_extern"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
    edit 4
        set srcintf "vlan104-105_extern"
        set dstintf "vlan104-105_intern"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
end

==> The FortiGate will remap the vlanid in the frame.
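
An offline check for this setup, as an added example that is not part of the original article or any Fortinet tooling: it parses a saved configuration, reports forwarding domains whose VLAN interfaces carry different VLAN IDs (the remap described above), and lists accept policies between those interfaces that use all/all/ANY. The function names `parse` and `audit` are hypothetical, the sample is constructed from the article's values, and only flat config/edit/set blocks are handled.

```python
from collections import defaultdict
# Constructed sample: the article's two interfaces and policy 3 inside their config blocks.
SAMPLE = """config system interface
    edit "vlan104-105_intern"
        set forward-domain 104
        set vlanid 104
    next
    edit "vlan104-105_extern"
        set forward-domain 104
        set vlanid 105
    next
end
config firewall policy
    edit 3
        set srcintf "vlan104-105_intern"
        set dstintf "vlan104-105_extern"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "ANY"
    next
end"""

def parse(text):
    # Flat config/edit/set blocks only -> {section: {entry: {key: value}}}
    cfg, section, entry = {}, None, None
    for raw in text.splitlines():
        word, _, rest = raw.strip().partition(" ")
        if word == "config":
            section, entry = cfg.setdefault(rest.strip(), {}), None
        elif word == "edit" and section is not None:
            entry = section.setdefault(rest.strip().strip('"'), {})
        elif word == "set" and entry is not None:
            key, _, val = rest.strip().partition(" ")
            entry[key] = val.strip().strip('"')
    return cfg

def audit(cfg):
    # Group VLAN interfaces by forwarding domain (unset treated as "0", an assumption);
    # a domain holding more than one VLAN ID means frames are re-tagged between them.
    domains = defaultdict(dict)
    for name, opts in cfg.get("system interface", {}).items():
        if "vlanid" in opts:
            domains[opts.get("forward-domain", "0")][name] = opts["vlanid"]
    remapped = {d: m for d, m in domains.items() if len(set(m.values())) > 1}
    members = {i for m in remapped.values() for i in m}
    wide = [pid for pid, p in cfg.get("firewall policy", {}).items()
            if {p.get("srcintf"), p.get("dstintf")} <= members and p.get("action") == "accept"
            and p.get("srcaddr") == p.get("dstaddr") == "all" and p.get("service") in ("ANY", "ALL")]
    return remapped, wide
```

Run `audit(parse(text))` on a configuration backup; each policy ID it returns is a candidate for narrower address and service objects.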

 

 

Related Articles

Technical Note: Configure a FortiGate unit in Transparent mode with trunks (802.1q - VLANs) and forw...

Technical Note: Configuration best practice and troubleshooting tips for a FortiGate in Transparent ...
