New Member

Question

Error -23 Discard the setting command fail

Forum|Forum|10 years ago
September 9, 2015
10 replies
25278 views

Hello,

i want to change switch mode to internal mode on my fortgate.

The things I did before:

1.removing internal rules.

2.change from dhcp to manuel

than on cli:

config system global

set internal-switch-mode interface

end

then i got this error (attached file)

thanks

forti error.jpg

gschmitt

New Member

On the GUI navigate to System > Network > Interfaces

If the Column Ref. isn't already present right click the bar, select Ref. and hit Apply

Is the number in the Ref. column of the internal interface 0?

yaronbeny7Author

New Member

i'm connected to the fortigate 80c only via consul cable.

so how can i fix it ?

i want to work with internal mode.

ede_pfau

SuperUser

After factory reset there is a default configuration which you have to change in order to be able to switch the port mode (it's "interface mode", not "internal mode").

1. In the CLI (from console port), reset to factory defaults:

exec factoryreset

2. Then remove all policies:

config firewall policy
purge

# confirm with 'y'

3. then remove the default DHCP server:

config system dhcp server
purge

# confirm

Note: the exact command depends on the version of FortiOS your FGT is running.

4. now you can switch the port mode:

config sys global
set internal-switch-mode interface
end

The FGT will reboot now.

Afterwards, the ports will be labeled 'internal1'...'internal5'.

yaronbeny7Author

New Member

I did everything and it looks right but

I try to access the router at https://192.168.1.99 and it not working (no ping also).

I Conntected via ports 1 & 5 and no ping...

ede_pfau

SuperUser

When splitting up the internal switch into independent ports the default IP address is discarded (192.168.1.99/24). Access the FGT via console port (if possible) and set the IP address manually.

yaronbeny7Author

New Member

yes,i able to connect via cli but please see the errors received (attached file)

error.jpg

ede_pfau

SuperUser

You've got VDOMs enabled. Enter into one VDOM before configuring ports.

Secondly, check "conf sys int" to see the names of the interfaces, whether there is a "port1" or rather a "internal1".

yaronbeny7Author

New Member

hello.

i do not know how to configure "vdom name" via Cli.

and i do not know what is means.

jintrah_FTNT

Staff

First check the interfaces that are created after changing the mode to internal,

#show system interface

The internal interfaces may be named internal1, internal2 ...and so on. In that case, assign the ip address on the required interface

config system interface

edit internal1

set ip 192.168.1.99 255.255.255.0

set allowaccess http https ssh

In case, you need to set a vdom attribute, use the default vdom root.

Ex:

config system interface

edit internal1

set vdom root

set ip 192.168.1.99 255.255.255.0

set allowaccess http https ssh

yaronbeny7Author

New Member

i did it and see the file attached with the error.

how can i fix it please ?

error.jpg

jintrah_FTNT

Staff

hi,

The subnet is already used for internal6 interface as indicated from the error message. Choose a different subnet, say, 10.10.10.1/24 for the interface.

Regards,

yaronbeny7Author

New Member

Everthing is ok now.

Thanks

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded