FortiGate
mpeddalla
Staff
Article Id 274106
Description This article describes how to create a loopback interface on a FortiSwitch from the CLI and how to verify that the loopback interface on the FortiGate and the loopback interface on the FortiSwitch can reach each other.
Scope FortiGate v7.0.x and higher.
Solution
  • There are situations where communication between a loopback interface on the FortiGate and a loopback interface on a managed FortiSwitch is required (for example, a stable management or monitoring address that does not depend on any one VLAN or port). The steps below create both interfaces, add the route the FortiGate needs to reach the switch loopback, and verify the path in both directions.

 

Step 1: Create a loopback interface on the FortiGate.

In the example below, the loopback interface name is testloopback and its IP address is 192.10.10.1/32.

 

loopback fortigate.png

 

Refer to the following article to create a loopback interface from the FortiGate GUI:

Technical Tip: How to create loopback interface from GUI

 

Step 2: Create a loopback interface on the FortiSwitch with the following CLI commands.

In the example below, the FortiSwitch loopback interface is given the address 192.168.200.10/32.

 

config system interface
    edit loopback
        set ip 192.168.200.10 255.255.255.255
        set allowaccess ping https http ssh telnet
        set type loopback
        set snmp-index 56
    end

Note that allowaccess controls which management protocols the switch accepts on this address. For the reachability test only ping is required; http and telnet send credentials in cleartext, so in production restrict the list to the protocols actually needed (for example, ping https ssh).

 

Step 3: Once both interfaces are created, add a static route on the FortiGate for the FortiSwitch loopback address. Because a loopback interface is not attached to any VLAN, the FortiGate cannot learn it as a connected network; the route must point out the FortiLink interface with the FortiSwitch's FortiLink IP address as the gateway.

In the example below, 10.255.1.2 is the FortiLink IP address of the switch on which the loopback interface is configured.

 

static route.png

 

Step 4: Make sure firewall policies are in place to pass traffic between the FortiLink interface and the loopback interface, with NAT disabled so the loopback addresses are preserved end to end. Note that on a FortiGate, traffic destined to a loopback IP arriving from another interface needs a firewall policy from that ingress interface to the loopback interface in addition to the loopback's allowaccess settings.

 

firewall policy.png
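The FortiGate side of Steps 1, 3 and 4 above is shown in the GUI screenshots; the following CLI equivalent is an added example, not taken from the original article. It assumes the FortiLink interface is named fortilink (the default name on a FortiGate managing switches), that the FortiGate operates in the root VDOM, and uses the addresses from the article: 192.10.10.1/32 for the FortiGate loopback, 192.168.200.10/32 for the FortiSwitch loopback and 10.255.1.2 for the switch's FortiLink IP. The FortiSwitch itself needs no extra route as long as its default route already points back to the FortiGate over FortiLink, which is the normal state for a managed switch.

```fortios
# --- Step 1: loopback on the FortiGate (only ping is exposed on it) ---
config system interface
    edit "testloopback"
        set vdom "root"
        set ip 192.10.10.1 255.255.255.255
        set allowaccess ping
        set type loopback
    next
end

# --- Step 3: host route to the switch loopback via FortiLink ---
# The loopback has no VLAN, so it cannot be a connected network on the
# FortiGate; the next hop is the switch's own FortiLink address.
config router static
    edit 0
        set dst 192.168.200.10 255.255.255.255
        set gateway 10.255.1.2
        set device "fortilink"
    next
end

# --- Step 4: policies in both directions, NAT disabled ---
# fortilink -> testloopback is what lets the switch ping the FortiGate loopback;
# testloopback -> fortilink covers traffic routed through the loopback towards
# the switch. Service is limited to PING for this test; widen it only as needed.
config firewall policy
    edit 0
        set name "fortilink-to-loopback"
        set srcintf "fortilink"
        set dstintf "testloopback"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "PING"
        set nat disable
    next
    edit 0
        set name "loopback-to-fortilink"
        set srcintf "testloopback"
        set dstintf "fortilink"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "PING"
        set nat disable
    next
end

# --- Verification from the FortiGate: source the ping from the loopback ---
execute ping-options source 192.10.10.1
execute ping 192.168.200.10
```

If the FortiGate-side ping fails while a plain `execute ping 10.255.1.2` works, check the static route first (`get router info routing-table details 192.168.200.10` should show the fortilink interface with gateway 10.255.1.2); if the switch-side ping fails, check that allowaccess on testloopback includes ping and that the fortilink-to-loopback policy is matched.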

 

Now, ping the FortiSwitch loopback interface from the FortiGate, sourcing the ping from the FortiGate loopback: source 192.10.10.1, destination 192.168.200.10 on the FortiSwitch.

 

test.png

 

From the FortiSwitch, ping the FortiGate loopback address to confirm the return path:

 

S148EN5919-----4 # execute ping 192.10.10.1
PING 192.10.10.1 (192.10.10.1): 56 data bytes
64 bytes from 192.10.10.1: icmp_seq=0 ttl=255 time=8.5 ms
64 bytes from 192.10.10.1: icmp_seq=1 ttl=255 time=0.5 ms
64 bytes from 192.10.10.1: icmp_seq=2 ttl=255 time=0.5 ms
64 bytes from 192.10.10.1: icmp_seq=3 ttl=255 time=0.5 ms
64 bytes from 192.10.10.1: icmp_seq=4 ttl=255 time=2.9 ms

--- 192.10.10.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.5/2.5/8.5 ms
