Connecting 2 switches to fortigate 60B

Welcome to the forums. The device may be ' old' but it' s still supported. :) If you' re running in switch or hub mode, then all 6 internal interfaces share an IP address. If you' re running in interface mode, then you have 6 individually identifiable interfaces (internal1-internal6) that you can handle separately. What' s your goal here? If you need the other 5 ports, just plug in. All 6 share the same IP subnet.

Hi, Thanks for the welcome greeting and answer. Actually I new in the office and got the Firewall by legacy :-) My goal here is to add another switch but chaining it to the first switch not through taking a Port in the first switch and to bypass a single point of failure connecting 2 switches together physicality. I see the configuration is " Interface Mode" which means this is not suitable to what I need. I guess the solution I need is the " Switch mode" ? Oh and almost forgot. When you say " just plug in" - I did but it does not get any network - no blinking lights on the NIC. I guess this is because the interface is down and the IP/Netmask is not configured as well. Thanks!

By The way, how do I backup the fortigate 60B configuration ?

actually, he doesn' t have to. As far as I understand OP' s need he doesn' t want to daisy-chain switch2 to a port of switch1 to avoid losing all switch ports in case sw1 dies. Back to the Fortigate: after factory reset, all ' internal' ports form a switch. You can plug 2 switches into ports 1 and 2 resp. to have more ports. All these ports, on switch1, switch2 and the 4 ports on the 60B, share one subnet and one collision domain (!). That' s what you want. So, after fiddling around with interface mode and switch mode, I recommend typing in these commands on the console window: ' exec factoryreset' This will revert the internal interfaces into ' switch mode' and clear all configuration. Start anew and plug your switches into the ' internal' ports.

That' s right, it' s a bulldozer type of command. Depends on how far your config is at this point. You might get away with just switching the interface back into ' switch mode' . This only works if you have no references to the internal ports yet - policies, addresses etc. That' s why I' m suggesting the big hammer method.

OK, for 50 users a 60B might be a little too weak. Right-sizing is part of the magic a Fortinet partner can do for you. It depends on a lot of parameters. And nobody wants to oversize, i.e. overspend. For an office with a couple of VPNs, some AV, 50 users, some Mbit/s WAN link I' d guess an 80C would be enough, maybe a 110C. But this really is crystal ball science.