System Network
VLANs in Transparent mode
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
157
2 Select Create New to add firewall addresses that match the source and destination IP
addresses of VLAN packets. See “About firewall addresses” on page 345.
3 Go to Firewall > Policy.
4 Add firewall policies as required.
Troubleshooting ARP Issues
Address Resolution Protocol (ARP) traffic is vital to communication on a network and is
enabled on FortiGate interfaces by default. Normally you want ARP packets to pass through the
FortiGate unit, especially if it is sitting between a client and a server or between a client
and a router.
Duplicate ARP packets
ARP traffic can cause problems, such as duplicate ARP packets that make the recipient
device think the packets originated from two different devices, which is generally a sign of
an attempt to hack into the network.
This is true especially in Transparent mode where ARP packets arriving on one interface
are sent to all other interfaces, including VLAN subinterfaces. Some Layer 2 switches
become unstable when they detect the same MAC address originating on more than one
switch interface or from more than one VLAN. This instability can occur if the Layer 2
switch does not maintain separate MAC address tables for each VLAN. Unstable switches
may reset, causing network traffic to slow down.
ARP Forwarding
One solution to the duplicate ARP packet problem is to enable ARP forwarding.
When ARP forwarding is enabled, the FortiGate unit allows duplicate ARP packets, which
resolves the delivery problems they would otherwise cause. However, this also opens
up your network to potential hacking attempts that spoof packets.
For more secure solutions, see the FortiGate VLANs and VDOMs Guide.
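One way to check a capture for the two conditions described above, as an added example that is not part of the FortiGate guide: the same MAC address appearing on more than one VLAN or port, and one IP address claimed by more than one MAC. The record format, the function names and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample observations (not from the guide): one record per ARP
# packet seen on a capture port, as "vlan ingress_port sender_mac sender_ip".
SAMPLE = """\
100 port1 00:09:0f:aa:00:01 10.0.100.1
100 port2 00:16:3e:11:22:33 10.0.100.20
200 port3 00:16:3e:11:22:33 10.0.100.20
100 port2 00:16:3e:44:55:66 10.0.100.30
100 port4 00:0c:29:de:ad:01 10.0.100.1
"""

def parse(text):
    """Yield (vlan, port, mac, ip) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or not fields[0].isdigit():
            continue
        vlan, port, mac, ip = fields
        yield int(vlan), port, mac.lower(), ip

def analyse(text):
    """Return (mac_on_many_segments, ip_with_many_macs) findings."""
    segments_by_mac = defaultdict(set)   # MAC -> {(vlan, port), ...}
    macs_by_ip = defaultdict(set)        # IP  -> {MAC, ...}
    for vlan, port, mac, ip in parse(text):
        segments_by_mac[mac].add((vlan, port))
        macs_by_ip[ip].add(mac)
    # Same MAC on more than one VLAN/port: the condition that destabilises
    # switches sharing one MAC address table across VLANs.
    flooded = {m: sorted(s) for m, s in segments_by_mac.items() if len(s) > 1}
    # Same IP claimed by more than one MAC: a conflict worth investigating as
    # possible spoofing, especially once ARP forwarding is enabled.
    conflicts = {i: sorted(m) for i, m in macs_by_ip.items() if len(m) > 1}
    return flooded, conflicts

if __name__ == "__main__":
    flooded, conflicts = analyse(SAMPLE)
    for mac, segs in flooded.items():
        print(f"MAC {mac} seen on multiple segments: {segs}")
    for ip, macs in conflicts.items():
        print(f"IP {ip} claimed by multiple MACs: {macs}")
```

A MAC reported on several segments is expected in Transparent mode when ARP packets are sent to all interfaces; an IP reported with several MACs is the case to investigate first.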