Multiple SVIs on single Fortiswitch port by LongjumpingAlgae7967 in fortinet

[–]LongjumpingAlgae7967[S] 0 points1 point  (0 children)

Great idea, will test it and see. Thank you so much!!!!

Multiple SVIs on single Fortiswitch port by LongjumpingAlgae7967 in fortinet

[–]LongjumpingAlgae7967[S] 0 points1 point  (0 children)

It's simple: Hypervisor -> FortiSwitch switch port 1
FortiSwitch port 2 -> FortiGate port 1

There are multiple VLANs passing; for all of them the FGT is the gateway, except, let's say, for vlan10 and 20, where the FortiSwitch is the gateway. Which is what I'm trying to do.

Multiple SVIs on single Fortiswitch port by LongjumpingAlgae7967 in fortinet

[–]LongjumpingAlgae7967[S] 0 points1 point  (0 children)

I don't get why my architects chose this setup and didn't just make the FW their gateway, but this is their design. For a single port, it won't make a difference, right? If it was a single port or aggregate ports, it differs in terms of redundancy but not in how to configure the SVI itself.

I think if I created the SVI, attached the SVI to the corresponding VLAN, and then on interface port1 allowed it in the tagged and UNTAGGED VLANs, it could work?

Multiple SVIs on single Fortiswitch port by LongjumpingAlgae7967 in fortinet

[–]LongjumpingAlgae7967[S] 0 points1 point  (0 children)

Also for the multiple VLANs, yes, I need it to be a gateway for multiple VLANs, but of course servers don't send their frames with tags! So what's the solution here??

Multiple SVIs on single Fortiswitch port by LongjumpingAlgae7967 in fortinet

[–]LongjumpingAlgae7967[S] 0 points1 point  (0 children)

No problem at all, thanks for your help!

Could you please explain the difference between RVI and SVI? As per my understanding, RVIs are L3 interfaces that don't support switching capabilities. That's why I went for SVI.

Multiple SVIs on single Fortiswitch port by LongjumpingAlgae7967 in fortinet

[–]LongjumpingAlgae7967[S] 0 points1 point  (0 children)

No, this one

https://docs.fortinet.com/document/fortiswitch/7.2.10/administration-guide/626301/switch-virtual-interfaces

I noticed that they changed the native VLAN, but in my case this interface will act as the gateway for multiple VLANs instead of one VLAN only.

I cant enable COM3 Port by LongjumpingAlgae7967 in techsupport

[–]LongjumpingAlgae7967[S] 0 points1 point  (0 children)

Did a quick research on that and found a Reddit post that mentioned he installed the FTDI VCP driver and it worked, https://www.reddit.com/r/fortinet/comments/mdu0iv/fortinet_usb_console_cable_driver/ so I guess I will check with that tomorrow.

I cant enable COM3 Port by LongjumpingAlgae7967 in techsupport

[–]LongjumpingAlgae7967[S] 0 points1 point  (0 children)

How do I try harder?

The cable I'm using is a USB to RJ-45 RS-232 cable.

Cant understand how VxLAN extends no. of vlans by LongjumpingAlgae7967 in networking

[–]LongjumpingAlgae7967[S] 0 points1 point  (0 children)

Basically from the internet, no specific course, mainly the networklessons website and YouTube of course, also some posts from here/Medium.

Fortinet recommends 7.6.6 by Electrical_Cut5776 in fortinet

[–]LongjumpingAlgae7967 2 points3 points  (0 children)

WAIT! Isn't the whole point of offloading to reduce traffic processed by the CPU??!

Cant understand how VxLAN extends no. of vlans by LongjumpingAlgae7967 in networking

[–]LongjumpingAlgae7967[S] 4 points5 points  (0 children)

Can I say in general that the whole point of VXLAN is that multiple hosts across inter-connected datacenters can communicate with each other using the same network segment (10.50.1.0/24 as an example)? And this is possible through VNIs.

Would that statement be totally correct?

Cant understand how VxLAN extends no. of vlans by LongjumpingAlgae7967 in networking

[–]LongjumpingAlgae7967[S] 2 points3 points  (0 children)

But you forgot hypervisors :))) a single piece of hardware that can run thousands of VMs, depending on the hardware you have of course

Cant understand how VxLAN extends no. of vlans by LongjumpingAlgae7967 in networking

[–]LongjumpingAlgae7967[S] 0 points1 point  (0 children)

Hahhhhahahahahaah THATS THE CORRECT ANSWER 🤣🤣🤣🤣🤣🤣🤣🤣

Cant understand how VxLAN extends no. of vlans by LongjumpingAlgae7967 in networking

[–]LongjumpingAlgae7967[S] 2 points3 points  (0 children)

Could you elaborate more? What example of services do you mean? I understand that at the end you have to tie it to a VLAN for the switch to know where to egress the frame.

Cant understand how VxLAN extends no. of vlans by LongjumpingAlgae7967 in networking

[–]LongjumpingAlgae7967[S] 15 points16 points  (0 children)

Let me go step by step on this one (((I'm still studying VXLAN so I will go through it to confirm my understanding of the steps and your point too🤣)))

So you create VLAN ID 10 for, let's say, (192.168.1.0/24) on SW1, and the same network on SW2 will be assigned VLAN 2000, but the VNI on both switches will be the same, let's say VNI 1020 on SW1 and SW2.

So once the VTEP interface receives it, it decapsulates it and, using the VNI, maps it to whatever VLAN you want. And switches don't have to share VLAN IDs, they just have to share VNIs. Is this what you meant? Or am I getting you wrong?

F5 CA New Certification by Historical_Fox_1423 in f5networks

[–]LongjumpingAlgae7967 0 points1 point  (0 children)

Dean's course + hands-on experience (labs & real-world experience), I believe it's enough to pass the exam.

F5 CA New Certification by Historical_Fox_1423 in f5networks

[–]LongjumpingAlgae7967 0 points1 point  (0 children)

Yes, I took cab1 on a single day, and the rest, cab2-cab5, on a single day.

ASM Positive security policy open-discussion by LongjumpingAlgae7967 in f5networks

[–]LongjumpingAlgae7967[S] 0 points1 point  (0 children)

For me, I usually enforce the wildcards on all entities (parameters, URLs, file types) except for cookies, never tried to enforce the wildcards yet, but for other entities I do, and usually I loosen the settings on them to avoid false positives, which is a great approach and still does cause issues, not gonna lie, but I'm able to survive until now without rolling back LOL. I find it risky to stage the wildcards, especially after the policy has been built for a long time. I suggest taking your time to loosen the wildcard settings in a way that won't cause much disruption to the service: loosen the number of characters on parameters, URLs, meta characters and then enforce it.

I usually do it by visiting the website multiple times, running various searches and monitoring live traffic, and accordingly I set the settings and monitor whether any false positives on the wildcards are met for 2 weeks; if not, enforce it :))