AnotherFortiUser
Explorer
October 7, 2025
Question

Disable Bypass Mode on Power-Off on FortiGate Rugged60F


Hi,


in the documentation of the FortiGate Rugged60F it says that ports internal4 and wan1 form a bypass pair.
As I understand by reading documentation (https://docs.fortinet.com/document/fortigate/7.4.7/hardware-acceleration/754739) this results in forming a hardwired connectivity between these ports in the case of a power failure / power-off.

This might result in a security issue if using those two interfaces in different network segments / VLANs, if I understand this description correctly.

I also couldn't find any documentation on how to disable this feature - only for different FortiGate models. And those either say it's possible to disable via CLI (80/81), but a different model describes it can't be disabled and is the default configuration (Rugged 90D):
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-poweroff-bypass-and-bypass-watchdog-on/ta-p/195677
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Bypass-Ports-on-FortiGate-Rugged-90D/ta-p/194412


Could you help me answer the following questions:
1) Did I understand the documentation correctly and is my conclusion correct, that you shouldn't use those two ports simultaneously in different network zones?
2) If 1 is the case, can this functionality be disabled? Or is the solution that you just don't use those two ports simultaneously?

Thank you in advance!

Best regards

1 reply

ozkanaltas
Valued Contributor III
October 7, 2025

Hello @AnotherFortiUser ,

 

If you use the same VLAN ID or the same network on both wan1 and internal4 interfaces, yes, you are right. They can access each other's network when there is a power failure.

 

This feature is especially good if you use transparent mode.

 

Also, the document describes how to disable bypass on these ports.

[Attachment: image.png]

AnotherFortiUser
Explorer
October 28, 2025

Hi, sorry for the late response - but I wasn't able to verify the proposed options earlier.

When we try to execute the shown commands, it doesn't accept the general "config system bypass" command ("command parse error before 'bypass' Command fail. Return code 1"). Bypass isn't an available system configuration parameter, also shown by executing "config system" - "bypass" isn't part of the displayed list.

We are testing on a FortiGate Rugged 60F, running FortiOS 7.4.8M.
It seems that this option isn't available. Also the internal4 interface is not part of an internal (virtual) switch.
