Software switch vs VLAN - Fortigate 100e

Forum|Forum|9 years ago
April 5, 2017
1 reply
7064 views

Good morning!

I am looking for best practices/recommendations for utilizing the built in switch on a Fortigate 100e, in particular with configuring the switch to split the ports between internal LAN and DMZ. I do not need all 16 ports on the Fortigate and would like to split the switch up as follows:

Ports 1-4 = Internal LAN

Ports 5-8 = DMZ

Ports 9-12 = Potential for WAP connections

Ports 10-16 = Unused and unconfigured/disabled

I am new to Fortigates, coming into a new network from a WatchGuard/Cisco background and would like to see what others have done to optimize the usage of the switch ports. I can see advantages to configuring software switches as described above, but would like to explore configuring VLANs on individual ports if it would be more applicable.

There are currently separate VLANs for servers, workstations, phones, and guest wifi access. I can see dropping a number of VLANs and using QoS for my phones, but my hands are tied on the separate VLAN for the guest wifi as there is a need for both internal and external wifi, but only a single network port on the available WAPs.

Any recommendations would be greatly appreciated!

MikePruett

New Member

You can configure items as hardware switches or software switches. Please use hardware switch as often as you can. It lightens the load on the Gate. Software switches can cause high CPU utilization etc.

AdvntrhikeAuthor

New Member

Hey Mike,

Thanks for the reply. Hardware over software switch makes sense, but I get a "System error" when attempting to configure a hardware switch. Using software switch with all other settings being the same, everything goes through without a hitch. Is this something better approached from CLI or from the GUI?

Thanks!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded