Use this command to configure bridged network interfaces, also called v-zones.
Bridges allow network connections to travel through the FortiWeb appliance’s physical network ports without explicitly connecting to one of its IP addresses.
For FortiWeb-VM, you must create vSwitches before you can configure a bridge. For details, see the FortiWeb-VM Install Guide:
To use this command, your administrator account’s access control profile must have either rw permission to the netgrp area. For details, see Permissions.
config system v-zone
  edit <bridge_name>
    set mtu <mtu_int>
end
Type the name of the bridge. The maximum length is 15 characters.
To display the list of existing bridges, type:
Type the names of two or more network interfaces that currently have no IP address of their own, nor are members of another bridge, and therefore could be members of this bridge. Separate each name with a space. The maximum length is 63 characters.
Enter the maximum transmission unit (MTU) that the bridge supports.
When you specify the MTU for a bridge, FortiWeb automatically sets the MTU for the v-zone members to the same value.
Valid values are 512–9216 (for IPv4) or 1280–9216 (for IPv6).
Enable/disable multicast snooping.
Specifies whether FortiWeb automatically brings down all members of this v-zone if one member goes down.
Enter the names of network interfaces that are members of the bridge and send and transmit traffic using the MAC address of their corresponding FortiWeb network interface.
When the operation mode is True Transparent Proxy, by default, traffic to the back-end servers preserves the MAC address of the source. If you are using FortiWeb with front-end load balancers that are in a high availability cluster that uses multiple bridges, this mechanism can cause switching problems on failover. When the v-zone uses the MAC address of the FortiWeb network interface instead, a failover does not interrupt the flow of traffic.
Available only when the operation mode is True Transparent Proxy.
This example configures a true bridge between port3 and port4. The bridge has no virtual network interface, and so it cannot respond to pings.
config system v-zone
  edit <bridge_name>
    set interfaces port3 port4
end
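
The following Python sketch is an added example, not part of the FortiWeb documentation or Fortinet code. It checks v-zone CLI text against the limits stated above (bridge name length, member count, member eligibility, MTU range) before the configuration is applied. The function names, the sample configuration, the bridge names bridge1 and bridge2, and the reading of the 63-character limit as applying to the whole interfaces value are assumptions.

```python
NAME_MAX, IFACES_MAX = 15, 63      # limits stated on the page
MTU_RANGE = {"ipv4": (512, 9216), "ipv6": (1280, 9216)}
# Constructed sample; the edit/next/end layout and the bridge names are assumptions.
SAMPLE = """\
config system v-zone
  edit bridge1
    set interfaces port3 port4
    set mtu 1500
  next
  edit bridge2
    set interfaces port4
    set mtu 600
  next
end
"""

def parse_vzones(text):
    """Return {bridge_name: {option: [values]}} from v-zone CLI text."""
    zones, current = {}, None
    for line in text.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "edit":
            current = zones.setdefault(words[1].strip('"'), {})
        elif len(words) >= 3 and words[0] == "set" and current is not None:
            current[words[1]] = words[2:]
    return zones

def lint_vzones(text, addressed=(), ip_version="ipv4"):
    """List rule violations; `addressed` holds ports that have their own IP."""
    findings, owner = [], {}
    lo, hi = MTU_RANGE[ip_version]
    for name, opts in parse_vzones(text).items():
        members = opts.get("interfaces", [])
        if len(name) > NAME_MAX:
            findings.append(f"{name}: name exceeds {NAME_MAX} characters")
        if len(members) < 2:
            findings.append(f"{name}: needs two or more member interfaces")
        # Assumption: the 63-character limit covers the whole space-separated value.
        if len(" ".join(members)) > IFACES_MAX:
            findings.append(f"{name}: interfaces value exceeds {IFACES_MAX} characters")
        for port in members:
            if port in addressed:
                findings.append(f"{name}: {port} has its own IP address")
            if owner.setdefault(port, name) != name:
                findings.append(f"{name}: {port} already belongs to {owner[port]}")
        mtu = opts.get("mtu", [None])[0]
        if mtu is not None and not (mtu.isdigit() and lo <= int(mtu) <= hi):
            findings.append(f"{name}: mtu {mtu} outside {lo}-{hi} ({ip_version})")
    return findings
```

Calling lint_vzones(SAMPLE, ip_version="ipv6") reports three findings for bridge2: too few members, a port already bridged by bridge1, and an MTU below the IPv6 minimum.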