Skip to main content
mzainuddinahm
Staff & Editor
mzainuddinahm
Staff & Editor
April 25, 2009

Technical Tip: Changing the speed of a FortiGate interface

  • April 25, 2009
  • 0 replies
  • 214680 views

Description

 

This article describes how to change the port speed of a FortiGate interface via CLI. There is no option to change the interface speed via GUI, this change can only be performed via CLI

 

Scope

 

FortiGate.


Solution.

Configuration:

  1. The default value for all interfaces is auto-negotiate. This should automatically set the speed for that port appropriate to the speed set on the other network hardware. If this does not happen, edit the configuration using the following CLI commands:
 
config system interface
    edit <interface-name>
        set speed <1000full/10000half/100full/100half/10full/10half/auto>
end
 
Example to check the current speed on the interface and set:
 
get hardware nic <interface-name> 

 

Capture.png

 Captdddure.png

 

Note that only some models support gigabit Ethernet speeds. The unit attached should match the settings. If the FortiGate is set to 100Full, the unit on the end should also be set to 100Full.
 
  1. The interface speed.
  • Auto is the default speed. The interface uses auto-negotiation to determine the connection speed. Change the speed only if the interface is connected to a unit that does not support auto-negotiation. If the speed is mismatched on both ends, then the interface status on FortiGate will show as DOWN. Therefore, it is important to know the speed of the other end, and according to that, changes can be made on the FortiGate.
  • 10full, 10 Mbps, full duplex.
  • 10half, 10 Mbps, half duplex.
  • 100full, 100 Mbps, full duplex.
  • 100half, 100 Mbps, half duplex.
  • 1000full, 1000 Mbps, full duplex.
  • 1000half, 1000 Mbps, half duplex.

 

Speed options vary for different models and interfaces. Enter a space and a '?' after the speed keyword to display a list of speeds available for the model and interface.
 
Note:
10G Auto-negotiation is not supported on the SFP28 interface due to limitations in the PHY. Therefore, this cannot be resolved by changing the firmware or any options in FortiGate.
 
Also, ensure to check the FortiGate's interface specifications to confirm compatibility with desired speed settings, as not all models support higher speeds like 10Gbps or 25Gbps SFP+ interfaces.
 
Changing the speed for interfaces that are 4-port switches is impossible. This includes the internal interfaces of FortiGate models 60, 60M, 100A, 200A, and FortiWiFi-60. 
This also includes the LAN interface of the FortiGate-500A.
 
  1. However, a command in the config system globally allows the internal switch speed to be set. 
To configure this, use the following CLI commands.
 
Note:
The following command is only available up to FortiOS v5.4.x. 
 
config system global
     set internal-switch-speed
100full    100M Full
100half    100M half
10full     10M Full
10half     10M half
auto       auto
 
Note:
The following command is only available up to FortiOS v6.2.x. 
 
  1. If the ports are part of the internal hardware switch, then it is possible to change it using 'config system virtual-switch'.
 
config system virtual-switch
     edit <name>
         config port
           edit <name>
               set speed [auto|10full|10half|…]
end
 

Troubleshooting.

 

For interface diagnostics:


diagnose hardware deviceinfo nic <interface-name>


Changing the port speed on an already aggregated interface is not possible.

Refer to the related article Troubleshooting Tip: FortiGate interface error counters for more information on understanding the output of this diagnostic command.

 

The following error may appear: 'Interface speed cannot be set for aggregated interfaces. Command fail. Return code -218'. Therefore, it is necessary to remove the interfaces from the aggregation, change the speed, and then add them again to the aggregation.

 

Note:

If the port is down once enabled, it comes on half-duplex. Connect a PC or Layer 2 switch (whatever device that does not generate DHCP) and apply the commands below, then the interface will come back on in 1 gigabit (or any desired speed) with full duplex:

 

config system interface
    edit <port name>

        set speed 1000full

        set status up

end

 

Related documents:

Config system virtual switch - FortiGate CLI reference.

Configuring port speeds - moved from Public to INTERNAL.

Technical Tip: Configure Ethernet speed, duplex and negotiation settings.

Troubleshooting Tip: FortiGate interface error counters.

Technical Note: Changing the speed settings on an interface

Technical Tip: Low throughput troubleshooting  

Terms & ConditionsAccessibility statement