Skip to main content
papapuff
papapuff
New Member
December 22, 2014
Solved

ask - change interface on FG60D

  • December 22, 2014
  • 3 replies
  • 12290 views

hi there,

 

need help,

can interface on FG-60D change into individual interface, not act as switch?

I've 100D, and the interface can be changed to individual port or act as a switch, or both.

if can, how to do that?

 

thank you

    Best answer by AndreaSoliva

    Hi all

     

    This what is normaly used on every device as long it can be configured in interface mode is following:

     

    config firewall policy

    purge

     

    NOTE with purge everything within the policy container will be deleted meaning every policy will be deleted. Answer with yes!

     

    config firewall dhcp server

    purge

     

    NOTE with purge everything within the dhcp server container will be deleted meaning every entry will be deleted. Answer with yes!

     

           # config sys global        # set internal-switch-mode interface        # end        changing switch mode will reboot the system!        Do you want to continue? (y/n)y

     

    PLEASE NOTE For the newest release of FortiGate 60D you will recognize that the interface mode is ALREADY in interface mode. If you look deeper into it you will recognized that latest revision of FortiGate 60D (first time recognized in January 2015) has a Hardware Switch like the FG-100D up to Revision/Generation 3. If you have such a device you have to splitt out the interface's over the gui. If you do so you will note that the last two interfaces can not be splitted out. The reason is behind this is configured a virtuelle hardware switch which helds the interfaces together. But also this one can be deleted which means:

     

           # config system virtual-switch        # get        == [ lan ]        name: lan           # del lan        # get        # end

     

    Thats it...have fun

     

    Andrea

    3 replies

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    December 22, 2014

    hi,

     

    yes, you can split the 'internal' switch into individual ports 'internal1'...'internal7'.

    First, you have to remove all references to the 'internal' port. This includes

    - policies

    - static routes

    - DHCP servers

    - any port-associated address objects and VIPs

    Then, you enter

    config sys global
       set internal-switch-mode interface
    end
    The FGT will reboot after that.

    Make sure before you begin that you either connect to the FGT on the console port or any other port which is not 'internal'.

    Ralph1973
    Ralph1973
    New Member
    December 30, 2014

    Hello,

    Don't forget to remove policies, dhcp server and objects that refer to the switch ports. Then you can switch to interface mode. Also there might be a referal to use ntp on the switchport.

     

    Grtz. Ralph

     

     

    ede_pfau wrote:

    hi,

     

    yes, you can split the 'internal' switch into individual ports 'internal1'...'internal7'.

    First, you have to remove all references to the 'internal' port. This includes

    - policies

    - static routes

    - DHCP servers

    - any port-associated address objects and VIPs

    Then, you enter

    config sys global
       set internal-switch-mode interface
    end
    The FGT will reboot after that.

    Make sure before you begin that you either connect to the FGT on the console port or any other port which is not 'internal'.

    papapuff
    papapuffAuthor
    New Member
    December 30, 2014

    hi there.

     

    Just arrive my device. forticare later will be sent.

     

    anyway, I've tried with usb management, but return an error.

    Interface internal is in use attribute set operator error, -23, discard the setting Command fail. Return code -23

     

    I access via fortiexplorer. I long not to use the fortigate. may be I make mistake.

     

    need help please.

     

    thanks.

    AndreaSoliva
    AndreaSolivaAnswer
    New Member
    January 30, 2015

    Hi all

     

    This what is normaly used on every device as long it can be configured in interface mode is following:

     

    config firewall policy

    purge

     

    NOTE with purge everything within the policy container will be deleted meaning every policy will be deleted. Answer with yes!

     

    config firewall dhcp server

    purge

     

    NOTE with purge everything within the dhcp server container will be deleted meaning every entry will be deleted. Answer with yes!

     

           # config sys global        # set internal-switch-mode interface        # end        changing switch mode will reboot the system!        Do you want to continue? (y/n)y

     

    PLEASE NOTE For the newest release of FortiGate 60D you will recognize that the interface mode is ALREADY in interface mode. If you look deeper into it you will recognized that latest revision of FortiGate 60D (first time recognized in January 2015) has a Hardware Switch like the FG-100D up to Revision/Generation 3. If you have such a device you have to splitt out the interface's over the gui. If you do so you will note that the last two interfaces can not be splitted out. The reason is behind this is configured a virtuelle hardware switch which helds the interfaces together. But also this one can be deleted which means:

     

           # config system virtual-switch        # get        == [ lan ]        name: lan           # del lan        # get        # end

     

    Thats it...have fun

     

    Andrea

    Terms & ConditionsAccessibility statement