Description
Introduced in FortiOS 3.0 MR6, software switch is a type of interface that can be configured to form a bridge between two or more physical or wireless FortiGate interfaces. Once the physical and wireless interfaces are added to a software switch interface, they become interface members, and as such they cannot any longer be accessed as individual interfaces. In most cases, a software switch interface functions like a normal interface: it can be configured with a single IP address, it can be added to a zone, and it can be used in the definition of firewall policies. It should be noted however that software switch interfaces have some limitations.
The attached document illustrates the steps to configure a software switch interface to bridge a physical and a wireless interface, forming a single broadcast domain (Layer 2 segment). This configuration is useful in environments where applications require physical and wireless users to be in the same Layer 2 segment. Whilst using a software switch interface is a viable solution, it is critical to understand the security and performance implications that derive from bridging physical and wireless interfaces into a single broadcast domain. These are discussed within the document.
Scope
FortiWiFi or FortiGate appliance running FortiOS 3.0 MR6 or later.
