Handbook

VLANs vs forwarding domains

6.0.0

There are several differences between a VLAN and a forwarding domain configured on a FortiGate in transparent mode:

  • A forwarding domain is used to create separate broadcast domains between VLANs and to allow independent VLAN learning (IVL) of MAC addresses in the FDB. This is equivalent to creating VLANs on a regular L2 switch.

When VLANs are used in the network, configuring different forwarding domains is essential to avoid broadcast duplication. See also the section "Default VLAN forwarding behavior" for additional information.

  • VLANs configured on interfaces are only used for tagging packets egressing the port and classifying packets at ingress.
  • The packets processed by the direct interface (or port) itself are always sent untagged and must be received untagged.
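The separation described above, as an added configuration example that is not part of the original Fortinet page: two VLANs carried across the same pair of physical ports, each placed in its own forwarding domain instead of being left in the default forwarding domain (0). The interface names, VDOM name, VLAN IDs, and forwarding-domain numbers are assumptions chosen for illustration.

```text
# Added example (FortiOS CLI, transparent-mode VDOM). Names and IDs are assumed.
# Both subinterfaces of VLAN 100 share forward-domain 100, so VLAN 100
# broadcasts and MAC learning stay within that domain.
config system interface
    edit "port1_v100"
        set vdom "root"
        set interface "port1"
        set vlanid 100
        set forward-domain 100
    next
    edit "port2_v100"
        set vdom "root"
        set interface "port2"
        set vlanid 100
        set forward-domain 100
    next
# VLAN 200 uses a different forwarding domain, giving it its own
# broadcast domain and its own FDB entries (independent VLAN learning).
    edit "port1_v200"
        set vdom "root"
        set interface "port1"
        set vlanid 200
        set forward-domain 200
    next
    edit "port2_v200"
        set vdom "root"
        set interface "port2"
        set vlanid 200
        set forward-domain 200
    next
end
```

Matching the forwarding-domain number to the VLAN ID is only a naming convenience in this example; what matters is that subinterfaces of the same VLAN share a number and different VLANs do not.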
