Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSwitch 7.0.0 Administration Guide
    7.0.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.11
    6.4.6
    6.4.5
    6.4.3
    6.4.2
    6.4.0
    6.2.5
    6.2.2
    6.2.1
    6.2.0

    Virtual routing and forwarding

    Virtual routing and forwarding

    NOTE: This feature is supported only on the switch virtual interface (SVI).

    You can use the virtual routing and forwarding (VRF) feature to create multiple routing tables within the same router.

    Use the following steps to configure VRF:

    1. Creating a VRF instance
    2. Assigning the VRF instance to a SVI
    3. Assigning the VRF instance to a static route
    4. Checking the VRF configuration

    Starting in FortiSwitchOS 7.0.0, OSPF supports VRF. To use VRF with OSPF, create a VRF instance and then use the same VRF identifier in the config vrf commands under config router ospf.

    Creating a VRF instance

    You create a VRF instance by assigning a name and an identifier.

    • The VRF name cannot match any SVI name.
    • The VRF identifier is a number in the range of 1-1023, except for 252, 253, 254, and 255. You cannot assign the same VRF identifier to more than one VRF instance. After the VRF instance is created, the VRF identifier cannot be changed.

    config router vrf

    edit <string>

    set vrfid <VRF_ID>

    end

    For example:

    config router vrf

    edit vrfv4

    set vrfid 1

    next

    edit vrfv6

    set vrfid 2

    next

    end

    Assigning the VRF instance to a SVI

    You assign the VRF instance to an SVI when you create the SVI. After the SVI is created, the VRF instance cannot be changed or unset.

    You can assign the same VRF instance to more than one SVI. The VRF instance cannot be assigned to an internal SVI.

    config system interface

    edit <interface_name>

    set vrf <string>

    end

    For example:

    config system interface

    edit v40

    set vlanid 40

    set vrf vrfv4

    next

    edit v50

    set vlanid 50

    set vrf vrfv4

    next

    end

    Assigning the VRF instance to a static route

    You assign the VRF instance to an IPv4 or IPv6 static route when you create the static route. After the static route is created, the VRF instance cannot be changed or unset.

    You can assign the same VRF instance to more than one static route.

    config router static

    edit <seq-num>

    set vrf <string>

    end

    config router static6

    edit <seq-num>

    set vrf <string>

    end

    For example:

    config router static

    edit 1

    set device mgmt

    set gateway 192.168.0.10

    set status enable

    set vrf vrfv4

    end

    config router static6

    edit 2

    set dst 5555::/64

    set gateway 4000::2

    set status enable

    set vrf vrfv6

    end

    Checking the VRF configuration

    Use the following commands to check the VRF configuration:

    • get router info routing-table all
    • get router info6 routing-table
    Previous
    Next

    Virtual routing and forwarding

    Virtual routing and forwarding

    NOTE: This feature is supported only on the switch virtual interface (SVI).

    You can use the virtual routing and forwarding (VRF) feature to create multiple routing tables within the same router.

    Use the following steps to configure VRF:

    1. Creating a VRF instance
    2. Assigning the VRF instance to a SVI
    3. Assigning the VRF instance to a static route
    4. Checking the VRF configuration

    Starting in FortiSwitchOS 7.0.0, OSPF supports VRF. To use VRF with OSPF, create a VRF instance and then use the same VRF identifier in the config vrf commands under config router ospf.

    Creating a VRF instance

    You create a VRF instance by assigning a name and an identifier.

    • The VRF name cannot match any SVI name.
    • The VRF identifier is a number in the range of 1-1023, except for 252, 253, 254, and 255. You cannot assign the same VRF identifier to more than one VRF instance. After the VRF instance is created, the VRF identifier cannot be changed.

    config router vrf

    edit <string>

    set vrfid <VRF_ID>

    end

    For example:

    config router vrf

    edit vrfv4

    set vrfid 1

    next

    edit vrfv6

    set vrfid 2

    next

    end

    Assigning the VRF instance to a SVI

    You assign the VRF instance to an SVI when you create the SVI. After the SVI is created, the VRF instance cannot be changed or unset.

    You can assign the same VRF instance to more than one SVI. The VRF instance cannot be assigned to an internal SVI.

    config system interface

    edit <interface_name>

    set vrf <string>

    end

    For example:

    config system interface

    edit v40

    set vlanid 40

    set vrf vrfv4

    next

    edit v50

    set vlanid 50

    set vrf vrfv4

    next

    end

    Assigning the VRF instance to a static route

    You assign the VRF instance to an IPv4 or IPv6 static route when you create the static route. After the static route is created, the VRF instance cannot be changed or unset.

    You can assign the same VRF instance to more than one static route.

    config router static

    edit <seq-num>

    set vrf <string>

    end

    config router static6

    edit <seq-num>

    set vrf <string>

    end

    For example:

    config router static

    edit 1

    set device mgmt

    set gateway 192.168.0.10

    set status enable

    set vrf vrfv4

    end

    config router static6

    edit 2

    set dst 5555::/64

    set gateway 4000::2

    set status enable

    set vrf vrfv6

    end

    Checking the VRF configuration

    Use the following commands to check the VRF configuration:

    • get router info routing-table all
    • get router info6 routing-table
    Previous
    Next