system v-zone
Use this command to configure bridged network interfaces, also called v-zones.
Bridges allow network connections to travel through the FortiWeb appliance’s physical network ports without explicitly connecting to one of its IP addresses.
Bridges on the FortiWeb appliance support IEEE 802.1d spanning tree protocol (STP) by forwarding bridge protocol data unit (BPDU) packets, but do not generate BPDU packets of their own. Therefore, in some cases, you might need to manually test the bridged network for Layer 2 loops. Also, you may prefer to manually design a tree that uses the minimum cost path to the root switch for design and performance reasons.
True bridges typically have no IP address of their own. They use only media access control (MAC) addresses to describe the location of physical ports within the scope of their network, and they switch traffic at Layer 2 of the OSI model. However, if you need to test connectivity with the physical ports comprising the bridge using ICMP ECHO_REQUEST (ping), you can assign an IP address to the bridge using ip <interface_ipv4mask>, which creates a virtual network interface that will respond.
 
For FortiWeb-VM, you must create vSwitches before you can configure a bridge. See the FortiWeb-VM Install Guide for details.
 
If configuring VLANs for a FortiWeb operating in true transparent proxy mode, you must configure one V-zone for each VLAN.
To use this command, your administrator account’s access control profile must have either w or rw permission to the netgrp area. For more information, see “Permissions”.
Syntax
config system v-zone
  edit <bridge_name>
    set interfaces {<interface_name> <interface_name> ...}
    set ip <interface_ipv4mask>
  next
end
| Variable | Description | Default |
|---|---|---|
| <bridge_name> | Type the name of the bridge. The maximum length is 15 characters. To display the list of existing bridges, type: edit ? | No default. |
| interfaces {<interface_name> <interface_name> ...} | Type the names of two or more network interfaces that currently have no IP address of their own and are not members of another bridge, and therefore could be members of this bridge. Separate each name with a space. The maximum length is 35 characters. | No default. |
| ip <interface_ipv4mask> | To create a virtual network interface that can respond to ICMP ECHO (ping) requests, enter an IP address/subnet mask for the virtual network interface. | No default. |
Example
This example configures a true bridge between port3 and port4. The bridge has no virtual network interface, and so it cannot respond to pings.
config system v-zone
  edit bridge1
    set interfaces port3 port4
  next
end
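The limits in the variable table can be checked offline before a configuration is pushed to an appliance. The following is an added example, not Fortinet code: the function names parse_vzones and lint_vzones are hypothetical, the sample configuration is constructed, the 35-character limit is assumed to apply to the whole interfaces value, and the set of interfaces that already have their own IP address is assumed to be supplied by the caller.

```python
# Constructed sample input (not from the original page): one valid bridge
# and one bridge that breaks the limits documented in the variable table.
SAMPLE = """\
config system v-zone
  edit bridge1
    set interfaces port3 port4
  next
  edit bridge-name-too-long
    set interfaces port4
    set ip 192.0.2.10/24
  next
end
"""

def parse_vzones(text):
    """Return {bridge_name: {"interfaces": [...], "ip": str or None}}."""
    zones, current, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config system v-zone":
            in_block = True
        elif in_block and line == "end":
            in_block = False
        elif in_block and line.startswith("edit "):
            current = line.split(None, 1)[1].strip('"')
            zones[current] = {"interfaces": [], "ip": None}
        elif in_block and current and line.startswith("set interfaces"):
            zones[current]["interfaces"] = line.split()[2:]
        elif in_block and current and line.startswith("set ip "):
            zones[current]["ip"] = line.split(None, 2)[2]
        elif line == "next":
            current = None
    return zones

def lint_vzones(zones, addressed=()):
    """List violations; `addressed` = interfaces known to have their own IP."""
    problems, owner = [], {}
    for name, z in zones.items():
        if len(name) > 15:
            problems.append(f"{name}: name exceeds 15 characters")
        if len(z["interfaces"]) < 2:
            problems.append(f"{name}: needs two or more interfaces")
        if len(" ".join(z["interfaces"])) > 35:  # assumed: limit covers whole value
            problems.append(f"{name}: interfaces value exceeds 35 characters")
        for port in z["interfaces"]:
            if port in addressed:
                problems.append(f"{name}: {port} has its own IP address")
            if port in owner:
                problems.append(f"{name}: {port} already in {owner[port]}")
            owner.setdefault(port, name)
    return problems
```

A bridge whose parsed "ip" value is None is a true bridge and will not answer pings, so monitoring that relies on ICMP needs another target.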
Related topics
config system interface
config system settings