Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Special notices

There is an additional command available only on the FG-92D model:

config system global

set hw-switch-ether-filter {enable | disable}

end

 

By default, the hw-switch-ether-filter command is enabled. When the command is enabled:

  • ARP (0x0806), IPv4 (0x0800), and VLAN (0x8100) packets are allowed.
  • BPDUs are dropped, and no STP loop results.
  • PPPoE packets are dropped.
  • IPv6 packets are dropped.
  • FortiSwitch devices are not discovered.
  • HA might fail to form depending on the network topology.

When the hw-switch-ether-filter command is disabled, all packet types are allowed, but, depending on the network topology, an STP loop might result.

To work around this issue:
  1. Use either WAN1 or WAN2 as the HA heartbeat device.
  2. Disable the hw-switch-ether-filter option.

Special notices

There is an additional command available only on the FG-92D model:

config system global

set hw-switch-ether-filter {enable | disable}

end

 

By default, the hw-switch-ether-filter command is enabled. When the command is enabled:

  • ARP (0x0806), IPv4 (0x0800), and VLAN (0x8100) packets are allowed.
  • BPDUs are dropped, and no STP loop results.
  • PPPoE packets are dropped.
  • IPv6 packets are dropped.
  • FortiSwitch devices are not discovered.
  • HA might fail to form depending on the network topology.

When the hw-switch-ether-filter command is disabled, all packet types are allowed, but, depending on the network topology, an STP loop might result.

To work around this issue:
  1. Use either WAN1 or WAN2 as the HA heartbeat device.
  2. Disable the hw-switch-ether-filter option.