FortiGate
sselvam, Staff
Article Id 191306
Description
This article describes the interface parameter 'STP forwarding' (stpforward).

Solution
A FortiGate does not participate in the Spanning Tree Protocol (STP).
STP is an IEEE 802.1 protocol that ensures there are no layer-2 loops on the network.
Loops are created when there is more than one route for traffic to take and that traffic is broadcast back to the original switch.


This loop floods the network with traffic, reducing available bandwidth to nothing.

If a FortiGate is used in a network topology that relies on STP for network loop protection, changes to the FortiGate configuration are needed.
Otherwise, STP recognizes the FortiGate as a blocked link and forwards the data to another path.
By default, the FortiGate blocks STP as well as other non-IP protocol traffic.


The CLI is used to enable forwarding of STP and other layer-2 protocols through an interface.
In this example, layer-2 forwarding is enabled on the external interface:

# config system interface
    edit external
        set l2forward enable
        set stpforward enable
    next
end
Substituting other commands for stpforward enable allows other layer-2 protocols, such as IPX, PPTP, or L2TP, to be used on the network.

STP support for FortiGate models with hardware switches
STP (Spanning Tree Protocol) used to be available only in the old style switch mode for the internal ports.
It is now possible to activate STP on the hardware switches found in the newer FortiGate models.
These models use a virtual switch to simulate the old switch mode for the internal ports.


To enable STP from the CLI:
# config system interface
    edit lan
        set stp {enable | disable}
    next
end
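As an added example (not part of the original article and not FortiOS code), a Python check that parses a `config system interface` block, in the form shown by `show system interface`, and reports which interfaces have l2forward, stpforward or stp enabled, covering both the layer-2 forwarding procedure and the hardware-switch STP procedure above. The sample configuration is constructed, and the check assumes the settings use the CLI syntax shown in this article.

```python
import re
from typing import Dict

# Constructed sample in the shape of `show system interface` output; not a real device dump.
SAMPLE_CONFIG = """\
config system interface
    edit "external"
        set vdom "root"
        set l2forward enable
        set stpforward enable
    next
    edit "lan"
        set vdom "root"
        set stp enable
    next
end
"""

# Settings this check reports on; FortiOS treats an absent setting as disable.
L2_SETTINGS = ("l2forward", "stpforward", "stp")


def parse_interfaces(config: str) -> Dict[str, Dict[str, str]]:
    """Parse the `config system interface` block into {name: {setting: value}}."""
    interfaces: Dict[str, Dict[str, str]] = {}
    current = None
    in_block = False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "config system interface":
            in_block = True
        elif not in_block:
            continue
        elif line == "end" and current is None:
            break  # top-level end; nested `config ... end` inside an edit is not the block end
        elif line.startswith("edit "):
            current = line[5:].strip().strip('"')
            interfaces[current] = {}
        elif line == "next":
            current = None
        elif line.startswith("set ") and current is not None:
            parts = line.split(None, 2)
            if len(parts) == 3:
                interfaces[current][parts[1]] = parts[2].strip('"')
    return interfaces


def layer2_forwarding_status(config: str) -> Dict[str, Dict[str, bool]]:
    """Report, per interface, whether l2forward, stpforward and stp are enabled."""
    return {name: {k: s.get(k) == "enable" for k in L2_SETTINGS}
            for name, s in parse_interfaces(config).items()}
```

Run it against the saved output of `show system interface` to list every interface that passes STP or other non-IP layer-2 traffic, so the setting is only left enabled where the topology actually needs it.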