Wednesday 1 February 2023

Sample VXLAN Configuration between Fortigate and SRX

To configure VXLAN between a Juniper SRX and a Fortinet Fortigate firewall, follow these general steps:

  1. Configure the VXLAN on both devices
  2. Establish the Tunnel interface on both devices
  3. Configure the VLAN on both devices
  4. Configure the routing protocol
  5. Test connectivity

Here are the detailed steps for Juniper SRX:

1. Configure the VXLAN on the SRX: 

set interfaces vtep vtep0 unit 0 family inet address 10.0.0.1/24
set interfaces ge-0/0/0 unit 0 family ethernet-switching vlan members vlan-10
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-20
set vlans vlan-10 vlan-id 10
set vlans vlan-20 vlan-id 20
 

2. Establish the Tunnel interface on the SRX: 

set interfaces ge-0/0/0 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/0 unit 0 family ethernet-switching native-vlan-id 10
set interfaces ge-0/0/1 unit 0 family ethernet-switching native-vlan-id 20
set interfaces vtep vtep0 encapsulation vxlan
set interfaces vtep vtep0 source-interface ge-0/0/0
set interfaces vtep vtep0 logical-switch-overlay vni 20000
 

Here are the detailed steps for Fortinet Fortigate:

1. Configure the VXLAN on the Fortigate:

config system interface
edit "vxlan1"
set vdom "root"
set ip 10.0.0.2/24
set allowaccess ping
set type vxlan
set vxlan vni 20000
next
end
 

2. Establish the Tunnel interface on the Fortigate:

config system virtual-switch
edit "vswitch1"
set vdom "root"
set interface "vxlan1"
set age 300
next
end
 

3. Configure the VLAN on the Fortigate:

config system interface
edit "port1"
set vdom "root"
set type physical
set vlanforward enable
set vlanid 10
set virtual-switch "vswitch1"
next
edit "port2"
set vdom "root"
set type physical
set vlanforward enable
set vlanid 20
set virtual-switch "vswitch1"
next
end
 

4. Configure routing on the Fortigate (a static route in this sample):

config router static
edit 1
set dst 10.0.0.0 255.255.255.0
set device "vxlan1"
next
end
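
For step 5 (test connectivity), a check you can run against UDP payloads captured on the link between the two firewalls. This is an added example, not part of the original post: it decodes the VXLAN header defined in RFC 7348 and confirms the VNI is the 20000 configured above. UDP port 4789 is the standard VXLAN port and is assumed here because the post does not set one; the function names and sample payloads are constructed for illustration.

```python
import struct

VXLAN_UDP_PORT = 4789   # assumption: standard VXLAN destination port (RFC 7348)
EXPECTED_VNI = 20000    # VNI set on both vtep0 and vxlan1 in this post
FLAG_VNI_VALID = 0x08   # "I" bit: must be set for the VNI to be valid


def parse_vxlan_header(udp_payload: bytes) -> dict:
    """Decode the 8-byte VXLAN header that starts the UDP payload."""
    if len(udp_payload) < 8:
        raise ValueError("payload shorter than the 8-byte VXLAN header")
    # Layout: flags(1) reserved(3) VNI(3) reserved(1), network byte order.
    flags, vni_and_rsvd = struct.unpack("!B3xI", udp_payload[:8])
    return {
        "vni_valid": bool(flags & FLAG_VNI_VALID),
        "vni": vni_and_rsvd >> 8,
        "inner_frame": udp_payload[8:],
    }


def check_tunnel_packet(dst_port: int, udp_payload: bytes) -> list:
    """Return a list of problems; an empty list means the packet matches."""
    problems = []
    if dst_port != VXLAN_UDP_PORT:
        problems.append(f"UDP destination port {dst_port}, expected {VXLAN_UDP_PORT}")
    try:
        hdr = parse_vxlan_header(udp_payload)
    except ValueError as exc:
        return problems + [str(exc)]
    if not hdr["vni_valid"]:
        problems.append("I flag clear: VNI is not marked valid (RFC 7348)")
    if hdr["vni"] != EXPECTED_VNI:
        problems.append(f"VNI {hdr['vni']}, expected {EXPECTED_VNI}")
    if len(hdr["inner_frame"]) < 14:
        problems.append("no complete inner Ethernet header after VXLAN header")
    return problems


def build_payload(vni: int, flags: int = FLAG_VNI_VALID) -> bytes:
    """Constructed sample: VXLAN header plus a dummy 14-byte Ethernet header."""
    inner = bytes.fromhex("ffffffffffff" "020000000001" "0800")
    return struct.pack("!B3xI", flags, vni << 8) + inner


if __name__ == "__main__":
    for vni in (20000, 20001):
        print(vni, check_tunnel_packet(4789, build_payload(vni)) or "ok")
```

The VXLAN header carries no authentication or encryption, so a matching VNI confirms only that the two configurations agree, not that the traffic is protected in transit.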