Tag Archives: virtual wire pair policy

Virtual Wire Pair

Virtual Wire Pair

This feature (276013), available in NAT and Transparent mode, replaces the Port Pair feature available in FortiOS 5.2 in Transparent mode only. When when two physical interfaces are setup as a Virtual Wire Pair, they will have no IP addressing and are treated similar to a transparent mode VDOM. All packets accepted by one of the interfaces in a virtual wire pair can only exit the FortiGate through the other interface in the virtual wire pairĀ and only if allowed by a virtual wire pair firewall policy. Packets arriving on other interfaces cannot be routed to the interfaces in a virtual wire pair. A FortiGate can have multiple virtual wire pairs.

You cannot add VLANs to virtual wire pairs. However, you can enable wildcard VLANs for a virtual wire pair. This means that all VLAN-tagged traffic can pass through the virtual wire pair if allowed by virtual wire pair firewall policies.

Adding a virtual wire pair

To add a virtual wire pair, go to Network > Interfaces and select Create New > Virtual Wire Pair. Select the interfaces to add to the virtual wire pair to, optionally enable Wildcard VLAN and select OK.

adding a virtual wire pair

 

The virtual wire pair appears on the Interface list.

Use the following command to add a virtual wire pair from the CLI that enables the wildcard VLAN feature:

config system virtual-wire-pair edit test-VWP

set member port3 port4 set wildcard-vlan enable

end

Assigning an interface to be part of a virtual wire pairing will remove the “role” value from the interface.