How to Configure VXLAN on Fortigate
HTML-код
- Опубликовано: 25 дек 2022
- VXLAN configuration on Fortigate, config VXLAN FortiGate, Extend VLAN over IP, VXLAN, Extend L2 Networks Across Layer 3, How VxLAN Works, fortigate vlan, fortigate software switch, how to config vxlan on fortigate , How to Configure VXLAN on Fortigate
Subscribe: / @sinaonline
How to Configure VXLAN on Fortigate : • How to Configure VXLAN...
![VXLAN over IP - simple scenario and configuration - Arista HER [Head End Replication]](/img/1.gif)
Fantastic video! Would this a good use case for servers, especially with disaster recovery? Also can this be done on an SDwan interface instead of a direct WAN port?
Hi , if you like video please subscribe to my channel , that is very useful way to implement Disaster Recovery Datacenter , because you can extend layer 2 connection between datacenters , yes , you can do on SD-wan but not directly configure on SD-wan port. to do this you have to create a loopback interface and create a session between both firewall loopback interfaces on firewalls.
Nice one, Can you please point me to some doco on this. Is this part of any of the certification docs?
Hi, thanks for this video. is it possible also to configure a default gateway to this subnet so they can be reachable from other subnets?
Hi, can you tell me more details? In vxlan you extend layer 2 and you should have just one gateway
Hi, is this possible with Dynamic plubic ip on site B and static public ip on site A? One end will be placed behind random nats as we want to be able to layer 2 into our own network from different locations. set remote-ip wont work when using dynamic ip....
Hi , Using dynamic ip is not possible , because vxlan works like point to point protocol and each point should know other end ip address , may be you can use dns name instead of IP address, i have not test that before.
Very informative! When we try to create the software switch and add members, the only member available is the vxlan port created, no VLAN interfaces. We are using an aggregation for our inside connection and all VLAN interfaces are under that aggregation. Does this method support using VLAN interfaces under an 802.3ad LACP interface?
İf you send me the topology i can better understanding your mean
@@sinaonline We talked with Fortigate support and they indicated it is not supported to add an interface that already has logical (VLAN in our case) interfaces below it.
Hi, got a question. When i am creating a software switch, i don't get the vlan to add as a member. Only the physical interfaces and the vxlan we created are present. The version i am running is 7.2.4.
Are you sure any rule does not assigned to vlan? For example is you have any ip address assigned on vlan interface you can not add to software switch
@@sinaonline I checked the interface it's a 10gig X1, configured the vlan as you mentioned but it still won't show up in the members list
Issue resolved, Upgraded to 7.4.2. It seems there are limitations on 7.2.1 firmware version
thanks for share with us
have you ever try vxlan for vlan 1(native vlan) i tried but didn't work it
i have not try native vlan to forward from vxlan but i think its possible and no problem will occurs during configuration.
well, this is safe? how can we with ipsec encryption?
Hi Ahmet, you are right, create vxlan over ipsec is secure more than wan interface, configuration is the same as wan interface. If you have another question you can ask in the comments
@@sinaonline How much security risk will there be if we do not use ipsec? MITM attack or etc.
thank you very much for reply :)