How to Configure VXLAN on Fortigate

Hi , if you like video please subscribe to my channel , that is very useful way to implement Disaster Recovery Datacenter , because you can extend layer 2 connection between datacenters , yes , you can do on SD-wan but not directly configure on SD-wan port. to do this you have to create a loopback interface and create a session between both firewall loopback interfaces on firewalls.

Hi , Using dynamic ip is not possible , because vxlan works like point to point protocol and each point should know other end ip address , may be you can use dns name instead of IP address, i have not test that before.

Hi, can you tell me more details? In vxlan you extend layer 2 and you should have just one gateway

İf you send me the topology i can better understanding your mean

@@sinaonline We talked with Fortigate support and they indicated it is not supported to add an interface that already has logical (VLAN in our case) interfaces below it.

Are you sure any rule does not assigned to vlan? For example is you have any ip address assigned on vlan interface you can not add to software switch

@@sinaonline I checked the interface it's a 10gig X1, configured the vlan as you mentioned but it still won't show up in the members list

Issue resolved, Upgraded to 7.4.2. It seems there are limitations on 7.2.1 firmware version

thanks for share with us

i have not try native vlan to forward from vxlan but i think its possible and no problem will occurs during configuration.

Hi Ahmet, you are right, create vxlan over ipsec is secure more than wan interface, configuration is the same as wan interface. If you have another question you can ask in the comments

@@sinaonline How much security risk will there be if we do not use ipsec? MITM attack or etc.
thank you very much for reply :)