avilt
New Contributor

Access among Bridge Ports

I have a FortiGate 200D appliance.

When I put many interfaces in a bridge, does it act like a normal L2 switch? How does the access policy among bridge interfaces work? Is there unrestricted access among bridge members like an L2 switch?

 

ede_pfau
Esteemed Contributor III

hi,

1- yes,

2- you cannot control traffic between switch ports

3- yes

 

In short, it's just an L2 switch. In some (higher) models a hardware switch chip is used; the smallest models use a software switch. In this case, the data handling is different but policing is not affected.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
avilt
New Contributor

Thank you. How can I find out from the spec whether filtering within a bridge is supported or not?
ede_pfau
Esteemed Contributor III

Good question - as far as I know there is no direct mention of this in the Handbook.

Maybe you can deduce this from this reasoning:

Policies control traffic between logical ports. A physical port is at the same time a logical port, a VLAN is a logical port, an IPsec VPN phase1 is a logical port, but a switch is only one logical port consisting of one or several physical ports. Members of port aggregations (like LACP trunks, switches, zones) cannot be addressed individually. Thus a policy between member ports of an aggregation is not possible.


Ede

"Kernel panic: Aiee, killing interrupt handler!"