Fortinet Firewall in transparent mode over VLAN Trunk 802.1Q
We have a FortiGate firewall in transparent mode. The WAN interface is on VLAN 10 and the INTERNAL interface is on VLAN 20. If I connect a server behind VLAN 20 on the switch where the firewall is connected, everything works fine. The problem is when I connect to another switch that is getting VLAN 20 over an 802.1Q VLAN trunk. In this scenario the server is not reachable. I think this is related to ARP requests. Any light on this? Just to clarify, all servers inside VLAN 20 are reachable within the VLAN. It is just that firewall traffic from VLAN 10 to VLAN 20 cannot reach them.

Software/Hardware used:
Cisco 3550, FortiGate 200B
ASKED: December 20, 2011  9:11 PM
UPDATED: February 28, 2012  2:43 PM

Answer Wiki:
Hello. You are using transparent mode instead of NAT mode, so we are in a layer 2 environment. That means that from VLAN 10 to VLAN 20 there is no way you can have any packet; that is what a broadcast domain (VLAN) is used for. From the internal port's point of view, if your switch is on a different VLAN, such as VLAN 1 for example, and you extend VLAN 20 using 802.1Q or even dot1q (which is the Cisco way of using 802.1Q), then on both sides you should have the same set-up: the same native VLAN (VLAN 1) and the same 802.1Q VLAN (VLAN 20). Good luck, and please consider using NAT mode: more secure, more efficient and not really more complicated. Best regards
Last Wiki Answer Submitted:  January 3, 2012  7:47 pm  by  Rached   110 pts.
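A matched trunk configuration for the setup described in the question and the answer, added here as a worked example; it is not taken from the question, the answer or Fortinet/Cisco documentation. Interface numbers, VLAN names, the server port and the FortiGate management address are assumptions, and the FortiOS section uses the 4.x-era CLI syntax (service "ANY") that a 200B of that time would run. The point it illustrates is the answer's one: both ends of the 802.1Q trunk carry the same native VLAN and the same tagged VLAN 20, and the 3550 needs `switchport trunk encapsulation dot1q` set before `switchport mode trunk` because that platform also supports ISL.

```text
! ---- Switch A (Cisco 3550; the FortiGate 200B ports plug in here) ----
! Interface numbers and VLAN names are assumed.
vlan 10
 name OUTSIDE
vlan 20
 name INTERNAL
!
interface FastEthernet0/1
 description FortiGate 200B wan1 (VLAN 10 side of the transparent bridge)
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/2
 description FortiGate 200B internal (VLAN 20 side of the transparent bridge)
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/1
 description 802.1Q trunk to Switch B
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,10,20
 switchport mode trunk
!
! ---- Switch B (remote 3550, servers sit in VLAN 20) ----
! VLAN 20 must be defined here as well, and the trunk must match Switch A
! line for line: same encapsulation, same native VLAN, same allowed list.
vlan 20
 name INTERNAL
!
interface GigabitEthernet0/1
 description 802.1Q trunk to Switch A
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,10,20
 switchport mode trunk
!
interface FastEthernet0/10
 description server in VLAN 20 (assumed port)
 switchport mode access
 switchport access vlan 20
!
! ---- Checks, run on both switches ----
! show interfaces trunk          -> "Native vlan" identical on both ends, and 20
!                                   listed under "allowed", "allowed and active"
!                                   AND "forwarding state and not pruned"
! show vlan brief                -> VLAN 20 exists and is active on Switch B
! show mac address-table vlan 20 -> server MAC learned on Gi0/1 (trunk) on
!                                   Switch A and on Fa0/10 on Switch B

# ---- FortiGate 200B (FortiOS 4.x syntax assumed) ----
# wan1 and internal are bridged; VLAN 10 and VLAN 20 on Switch A become one
# broadcast domain through the firewall, policed by the policy below.
config system settings
    set opmode transparent
    set manageip 192.168.20.254/24
end
config firewall policy
    edit 1
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
end
```

If `show interfaces trunk` on Switch B lists VLAN 20 as allowed but not under "forwarding state and not pruned", the VLAN is either not defined on that switch or has been pruned off the trunk by VTP, and frames the firewall bridges into VLAN 20 never reach the remote server even though the trunk itself is up. A differing native VLAN on the two ends is the other common mismatch the answer warns about and shows up in the same command.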

