Transparent Mode

6.0.0

  • Do not connect two ports to the same VLAN on a switch or to the same hub. Some Layer 2 switches become unstable when they detect the same MAC address originating on more than one switch interface or from more than one VLAN.
  • If you operate multiple VLANs on your FortiGate unit, assign each VLAN ID to its own forwarding domain to ensure that the scope of the broadcast does not extend beyond the VLAN it originated in.

To protect against Layer 2 loops:

  • Enable stpforward on all interfaces.
  • Use separate VDOMs for production traffic (TP mode VDOM) and management traffic (NAT mode VDOM).
  • Only place those interfaces used for production in the TP mode VDOM. Place all other interfaces in the NAT mode VDOM. This protects against potential Layer 2 loops.
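
The following audit script is an added example, not Fortinet code: it reads the `config system interface` section of a configuration backup and reports interfaces in the transparent mode VDOM that lack `stpforward`, and forwarding domains shared by more than one VLAN ID. The VDOM and interface names are hypothetical, the sample configuration is constructed, and the parser assumes the flat `edit` / `set` / `next` layout shown.

```python
import re
from collections import defaultdict
# Constructed sample config; VDOM and interface names are hypothetical.
SAMPLE = '''
config system interface
    edit "port2"
        set vdom "tp-prod"
    next
    edit "v100"
        set vdom "tp-prod"
        set stpforward enable
        set forward-domain 100
        set vlanid 100
    next
    edit "v200"
        set vdom "tp-prod"
        set stpforward enable
        set forward-domain 100
        set vlanid 200
    next
    edit "mgmt"
        set vdom "root"
    next
end
'''

def parse_interfaces(text):
    """Return {interface name: {setting: value}} from edit/set/next blocks."""
    ifaces, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r'edit "?([^"]+)"?$', line):
            cur = ifaces.setdefault(m.group(1), {})
        elif line == "next":
            cur = None
        elif cur is not None and (m := re.match(r'set (\S+) "?([^"]*)"?$', line)):
            cur[m.group(1)] = m.group(2)
    return ifaces

def audit(text, tp_vdom):
    """Return (interfaces without stpforward, {forward-domain: [VLAN IDs]} if shared)."""
    tp = {n: s for n, s in parse_interfaces(text).items() if s.get("vdom") == tp_vdom}
    # Assumption: a setting absent from the backup means "not enabled" / domain 0.
    no_stp = sorted(n for n, s in tp.items() if s.get("stpforward") != "enable")
    domains = defaultdict(set)
    for s in tp.values():
        if "vlanid" in s:
            domains[int(s.get("forward-domain", 0))].add(int(s["vlanid"]))
    shared = {d: sorted(v) for d, v in domains.items() if len(v) > 1}
    return no_stp, shared
```

On the sample, `audit(SAMPLE, "tp-prod")` flags `port2` for missing `stpforward` and forwarding domain 100 for carrying both VLAN 100 and VLAN 200.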
