Chapter 10 Install and System Administration for FortiOS 5.0 : VLANs : Troubleshooting VLAN issues : Forward-domain solution
  
Forward-domain solution
If you are using transparent mode, the solution is to use the forward-domain CLI command. This command tags VLAN traffic as belonging to a particular collision group, and only VLANs tagged as part of that collision group receive that traffic. It is like an additional set of VLANs. By default, all interfaces and VLANs are part of forward-domain collision group 0. The many benefits of this solution include reduced administration, the need for fewer physical interfaces, and the availability of more flexible network solutions.
In the following example, forward-domain collision group 340 includes VLAN 340 traffic on port1 and untagged traffic on port 2. Forward-domain collision group 341 includes VLAN 341 traffic on port 1 and untagged traffic on port 3. All other interfaces are part of forward‑domain collision group 0 by default. This configuration separates VLANs 340 and 341 from each other on port 1, and prevents the ARP packet problems from before.
Use these CLI commands:
config system interface
edit port1
next
edit port2
set forward_domain 340
next
edit port3
set forward_domain 341
next
edit port1-340
set forward_domain 340
set interface port1
set vlanid 340
next
edit port1-341
set forward_domain 341
set interface port1
set vlanid 341
end
You may experience connection issues with layer-2 traffic, such as ping, if your network configuration has:
packets going through the FortiGate unit in transparent mode more than once
more than one forwarding domain (such as incoming on one forwarding domain and outgoing on another)
IPS and AV enabled.
Now IPS and AV is applied the first time packets go through the FortiGate unit, but not on subsequent passes. Only applying IPS and AV to this first pass fixes the network layer-2 related connection issues.
See Also
Troubleshooting VLAN issues
Asymmetric routing
Layer-2 and Arp traffic
NetBIOS
STP forwarding
Too many VLAN interfaces