Fortinet black logo

FortiGate-6000 Handbook

VXLAN support

VXLAN support

FortiGate-6000 supports terminating VXLAN traffic using VXLAN interfaces. VXLAN traffic cannot be load balanced, so you should use a flow rule similar to the following to send all VXLAN traffic terminated by the FortiGate-6000 to the primary FPC:

config load-balance flow-rule

edit 0

set status enable

set ether-type ip

set protocol 17

set forward-slot master

set src-interface <local LAN>

set dst-l4port 4789-4789

set comment "vxlan"

end

dst-l4port must be set to the VXLAN destination port. The default VXLAN destination port is 4789. You should change the port number range in the flow rule if you change the VXLAN port number.

VXLAN support

FortiGate-6000 supports terminating VXLAN traffic using VXLAN interfaces. VXLAN traffic cannot be load balanced, so you should use a flow rule similar to the following to send all VXLAN traffic terminated by the FortiGate-6000 to the primary FPC:

config load-balance flow-rule

edit 0

set status enable

set ether-type ip

set protocol 17

set forward-slot master

set src-interface <local LAN>

set dst-l4port 4789-4789

set comment "vxlan"

end

dst-l4port must be set to the VXLAN destination port. The default VXLAN destination port is 4789. You should change the port number range in the flow rule if you change the VXLAN port number.