Fortinet black logo

FortiGate-7000F Handbook

VXLAN support

Copy Link
Copy Doc ID fd130345-bc33-11ec-9fd1-fa163e15d75b:853234
Download PDF

VXLAN support

FortiGate-7000F supports terminating VXLAN traffic using VXLAN interfaces. VXLAN traffic cannot be load balanced, so you should use a flow rule, similar to the following, to send all VXLAN traffic terminated by the FortiGate-7000F to the primary FPM:

config load-balance flow-rule

edit 100

set status enable

set ether-type ip

set protocol 17

set forward-slot master

set src-interface <local LAN>

set dst-l4port 4789-4789

set comment "vxlan"

end

dst-l4port must be set to the VXLAN destination port. The default VXLAN destination port is 4789. You should change the port number range in the flow rule if you change the VXLAN port number.

VXLAN support

FortiGate-7000F supports terminating VXLAN traffic using VXLAN interfaces. VXLAN traffic cannot be load balanced, so you should use a flow rule, similar to the following, to send all VXLAN traffic terminated by the FortiGate-7000F to the primary FPM:

config load-balance flow-rule

edit 100

set status enable

set ether-type ip

set protocol 17

set forward-slot master

set src-interface <local LAN>

set dst-l4port 4789-4789

set comment "vxlan"

end

dst-l4port must be set to the VXLAN destination port. The default VXLAN destination port is 4789. You should change the port number range in the flow rule if you change the VXLAN port number.