FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
naveenk
Staff
Staff
Article Id 189539

Description


This article describes the limitation of maximum interfaces supported by a FortiGate.

Solution


The 802.3ad standard and Fortinet allow a maximum of eight interfaces to be aggregated.

However, at this time the number of physical interfaces available on FortiGate may limit this further because of the hash algorithm used to distribute the traffic in the link.
The recommendation is to use either 2, 4 or 8 physical ports in the aggregate.

 

In order to define an interface as a member of an aggregate interface, there should be no references to it.

This can be checked via GUI and CLI both.

 

GUI -> Dashboard -> Network -> Interfaces - portx -> check the reference column

alif_0-1642545073085.png

 

CLI:
diagnose sys cmdb refcnt show system.interface.name portx ---> where x is the interface, e.g., port1

(The output should be blank which indicates no references)


Limitations :

1) A physical interface may belong to no more than 1 aggregated interface.

2) An aggregated interface has to be specified as a non tagged interface in no more than one VLAN (there are no limitations for aggregated interfaces used as tagged interfaces; in other words, an aggregated interface has to be specified as a tagged interface in multiple VLANs).

3) When assigning interfaces (physical or aggregated) to a VLAN, only one interface (physical or aggregated) can be assigned to a VLAN.
To assign two physical interfaces to the same VLAN, create an aggregated interface containing those two physical interfaces, and then assign the aggregated interface to the VLAN.

Related link:

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/207052/ha-with-802-3ad-aggregate-interfa...

Related Articles

Technical Note / FAQ: FortiGate and FortiOS support for 802.3ad (LACP - Link Aggregation)