FortiGate
nalexiou
Staff
Article Id 191346

Description

 

This article describes how to route traffic arriving over a VXLAN segment to other VLANs or interfaces on the FortiGate.

 

Scope

 

FortiGate.

Solution


To configure VXLAN, see the article below under 'Related Articles'.

Note: The steps below assume native VXLAN without encryption, configured as in the related article.

To allow traffic from the VXLAN segment to reach destinations outside the VXLAN IP range, follow the steps below:

 

  • Assign an IP address to the switch interface:

VXLAN bridging on the FortiGate requires a software switch interface whose members are the VXLAN interface and the local port, for example:

 

config system switch-interface
    edit "name"
        set vdom "root"
        set member "vxlan-int" "port"
    next
end

 

A matching interface object of type switch is created automatically under 'config system interface':

edit "name"
    set vdom "root"
    set type switch
    set snmp-index 34
next

 

The switch interface then needs an IP address from the VXLAN subnet. Hosts on the VXLAN segment use this address as their default gateway, which is what lets the FortiGate route their traffic elsewhere:

config system interface
    edit "name"
        set vdom "root"
        set ip <IP from the range of vxlan> <netmask>
        set allowaccess ping
        set vlanforward enable
        set type switch
    next
end

 

Finally, create firewall policies that allow traffic from the switch interface to the destination interface or VLAN (and a return policy if sessions are also initiated from that side). Enable NAT on the policy only where it is actually required.

Note: "name" in 'edit "name"' is a placeholder, not a reference to an existing object. Use any unique name for the switch interface and reference it by that name in the interface and firewall policy configuration.
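The procedure above as one complete configuration, added here as an example and not taken from the original article or from Fortinet documentation. All names and values are assumptions: port1 carries the VXLAN tunnel to a peer VTEP at 192.0.2.2 with VNI 1000, port2 is the local port bridged into the VXLAN segment, port3 is the LAN the VXLAN hosts must reach, the VXLAN segment uses 10.10.10.0/24 and the software switch is named "vxlan-sw". Lines beginning with '#' are annotations.

```text
# Assumed VXLAN tunnel (the related article covers this part in detail)
config system vxlan
    edit "vxlan-int"
        set interface "port1"
        set vni 1000
        set remote-ip 192.0.2.2
    next
end

# Step 1: software switch bridging the VXLAN interface and the local port
config system switch-interface
    edit "vxlan-sw"
        set vdom "root"
        set member "vxlan-int" "port2"
    next
end

# Step 2: gateway address for the VXLAN segment, set on the switch interface
config system interface
    edit "vxlan-sw"
        set ip 10.10.10.1 255.255.255.0
        set allowaccess ping
        set vlanforward enable
    next
end

# Address object so policies match only the VXLAN subnet, not "all"
config firewall address
    edit "vxlan-net"
        set subnet 10.10.10.0 255.255.255.0
    next
end

# Step 3: policies in both directions; NAT only on the outbound policy
config firewall policy
    edit 0
        set name "vxlan-to-lan"
        set srcintf "vxlan-sw"
        set dstintf "port3"
        set srcaddr "vxlan-net"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 0
        set name "lan-to-vxlan"
        set srcintf "port3"
        set dstintf "vxlan-sw"
        set srcaddr "all"
        set dstaddr "vxlan-net"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# Checks: the VXLAN subnet must appear as a connected route via vxlan-sw,
# and pings from a VXLAN host should be visible on the switch interface
get router info routing-table all
diagnose sniffer packet vxlan-sw 'icmp' 4
```

In the routing table output, look for a line of the form "C 10.10.10.0/24 is directly connected, vxlan-sw"; if it is missing, the IP was not applied to the switch interface and no policy will match. To reach a VLAN instead of a physical port, reference the VLAN sub-interface name in 'set dstintf' exactly as port3 is used here. The service "ALL" is used only to keep the example short; narrow it to the services the VXLAN hosts actually need.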

Related articles

Technical Tip: How to configure native VXLAN without encryption.