Troubleshooting Tip: Error message "Interface switch is in use" or "Interface internal is in use" or "Entry is used" when changing internal-switch-mode

 

When making this change from the GUI, the message "Entry is used" will be displayed

 

 

The internal interface is a switch with either four or six physical interface connections, depending on the FortiGate model. Normally the internal interface is configured as a single interface shared by all physical interface connections - a switch.

For further details about switch mode please consult the appropriate FortiGate Administration Guide or the release notes.

The root cause can be some dependencies existing between the internal interface and other objects (DHCP settings, Firewall Policies), that will prevent this change.

To verify if other objects are referring to the internal interface, the diagnose command "diagnose sys checkused "can be used.

This is an example on a FortiGate 60B with a default configuration, and we are looking at all dependencies for the interface called "internal"

 

FGT60B # diagnose sys checkused system.interface.name internal

entry used by table system.dhcp.server:name 'internal_dhcp_server' entry used by table firewall.policy:policyid '1' entry used by table router.static:seq-num '1'

The analysis of the above output is the following :

 

Message	Description
entry used by table system.dhcp.server:name 'internal_dhcp_server'	There is a DHCP server called 'internal_dhcp_server' enabled on the "internal" interface
entry used by table firewall.policy:policyid '1'	There is a Firewall Policy (ID 1) that refers to "internal"
entry used by table router.static:seq-num '1'	There is a static route (entry 1) that refers to "internal"

 

You will need to delete all the above settings in order to be able to apply the change.