FortiGate
cmartinez1
Staff
Article Id 196365
Description
This article provides information on how to delete the default virtual hardware switch "lan".

Most FortiGate models that support a hardware switch ship with a predefined interface named "lan". It bundles several physical ports into one switch, so hosts connected to those ports sit in the same network segment and can communicate with each other without any further configuration.

Individual ports can be removed from the "lan" interface one at a time, but to free up every port bound to it, the "lan" interface itself must be deleted.

The hardware switch interface can be seen in the image below named "lan".

Go to: System > Network > Interfaces

[Image: the Interfaces page showing the hardware switch interface named "lan"]

To view the interface via the CLI:
# show system interface lan
Use the steps below to remove the switch interface completely. Note that the IP address, the DHCP server and the firewall policy all belong to "lan" itself: if the FortiGate is managed through one of its member ports, make sure another management path (the console port or a different interface) is available before deleting it, because management access via "lan" is lost together with the interface.

Solution
1. Any firewall policy that references the "lan" interface must be deleted first. FortiOS refuses to delete an object that is still referenced by other configuration entries, so every dependency has to be removed before the interface itself.

Go to: Policy & Objects > Policy > IPv4

[Image: the IPv4 policy list showing the default policy from "lan" to "wan1"]

To delete via CLI:
# config firewall policy
# show                      <-- To view existing firewall policies to gather the correct policy ID

config firewall policy
    edit 1                    <-- The policy ID
        set uuid fb3f751e-72c3-51e5-9159-daebef2d0346
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
# delete <ID>            <-- With the default settings the ID should be "1" however it should be verified on your system
# end

After the policy is deleted, the GUI should look similar to the image below if the default configuration was loaded on the system.

[Image: the IPv4 policy list with no policy referencing "lan"]

The following output will be seen via the CLI if the policy no longer exists.
# show firewall policy <ID>    <-- With the default settings the ID should be "1" however it should be verified on your system
entry is not found in table
Command fail. Return code 1

2. The DHCP server bound to the "lan" interface must be deleted for the same reason. This step must be done via the CLI.
# show system dhcp server    <-- To display existing DHCP servers

config system dhcp server
    edit 1                    <-- The DHCP ID
        set dns-service default
        set default-gateway 192.168.100.99
        set netmask 255.255.255.0
        set interface "lan"
        config ip-range
            edit 1
                set start-ip 192.168.100.110
                set end-ip 192.168.100.210
            next
        end
    next
end

To delete the entry, use the following syntax in the CLI:
# config system dhcp server
# delete <ID>             <-- With the default settings the ID should be "1" however it should be verified on your system
# end

The following output will be seen via the CLI if the DHCP server no longer exists.
# show system dhcp server <ID>     <-- With the default settings the ID should be "1" however it should be verified on your system
entry is not found in table
Command fail. Return code 1

3. The "lan" interface can now be deleted.

Go to: System > Network > Interfaces

Select the interface "lan", and click on the delete icon to remove it.

[Image: the Interfaces page with the "lan" interface selected for deletion]

To delete "lan" switch via the CLI:
# config system virtual-switch
# delete "lan"
# end

To verify that the entry has been removed:
# show system interface lan

As in the previous steps, the "entry is not found in table" message confirms that the interface no longer exists. The former member ports now appear as individual physical interfaces and can be configured separately.
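The three steps above are a manual hunt for everything that still references "lan". As an added example that is not part of the article or of Fortinet's own tooling, the Python script below parses a FortiOS configuration dump (the "show" / "show full-configuration" format used in the article), reports which firewall policies and DHCP servers still reference a given interface, and emits the delete commands in the order the article prescribes: policies, then DHCP servers, then the hardware switch itself. The table and attribute names (firewall policy, system dhcp server, srcintf, dstintf, interface, system virtual-switch) are the FortiOS ones shown in the article's own output; the sample configuration embedded in the script is constructed for the example and is not from a real device.

```python
# Added example, not Fortinet's code: find the FortiOS entries that still
# reference an interface and emit the removal CLI in the article's order.
import shlex

# Constructed sample dump (not from a real device): three policies and two
# DHCP servers; policy 3 lists "lan" alongside another interface.
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set srcintf "lan"
        set dstintf "wan1"
        set action accept
    next
    edit 2
        set srcintf "dmz"
        set dstintf "wan1"
    next
    edit 3
        set srcintf "wan1"
        set dstintf "dmz" "lan"
    next
end
config system dhcp server
    edit 1
        set interface "lan"
        config ip-range
            edit 1
                set start-ip 192.168.100.110
                set end-ip 192.168.100.210
            next
        end
    next
    edit 2
        set interface "dmz"
    next
end
"""

def parse_fortios(text):
    """Parse config/edit/set/next/end blocks into {table: {id: {attr: [values]}}}."""
    lines = iter(text.splitlines())
    tables = {}
    for raw in lines:
        line = raw.strip()
        if line.startswith("config "):
            tables[line[7:]] = _parse_table(lines)
    return tables

def _parse_table(lines):
    """Consume 'edit ... next' entries up to the table's closing 'end'."""
    entries = {}
    for raw in lines:
        line = raw.strip()
        if line.startswith("edit "):
            entries[line[5:].strip('"')] = _parse_entry(lines)
        elif line == "end":
            break
    return entries

def _parse_entry(lines):
    """Consume 'set' lines (and nested 'config' tables) up to 'next'."""
    attrs = {}
    for raw in lines:
        line = raw.strip()
        if line.startswith("set "):
            key, *vals = shlex.split(line[4:])  # keeps quoted multi-values intact
            attrs[key] = vals
        elif line.startswith("config "):
            attrs.setdefault("_tables", {})[line[7:]] = _parse_table(lines)
        elif line == "next":
            break
    return attrs

def references_to(tables, iface, attrs=("srcintf", "dstintf", "interface")):
    """{table: [entry ids]} whose interface attributes name `iface`. Widen
    `attrs` (e.g. "associated-interface", "device") to cover other tables."""
    found = {}
    for table, entries in tables.items():
        for eid, a in entries.items():
            if any(iface in a.get(k, []) for k in attrs):
                found.setdefault(table, []).append(eid)
    return found

def removal_commands(tables, iface):
    """CLI in the article's order: policies, DHCP servers, then the switch."""
    refs = references_to(tables, iface)
    cmds = []
    for table in ("firewall policy", "system dhcp server"):
        if refs.get(table):
            cmds.append(f"config {table}")
            cmds.extend(f"    delete {eid}" for eid in refs[table])
            cmds.append("end")
    cmds += ["config system virtual-switch", f'    delete "{iface}"', "end"]
    return cmds

if __name__ == "__main__":
    cfg = parse_fortios(SAMPLE_CONFIG)
    print("\n".join(removal_commands(cfg, "lan")))
```

To use it against a real unit, replace SAMPLE_CONFIG with the text of a saved "show full-configuration" output or a configuration backup file. Two caveats: a policy that names "lan" alongside other interfaces (policy 3 in the sample) can be edited to drop "lan" from its interface list instead of being deleted outright, and the default attribute list only covers the two tables the article discusses; other objects such as firewall addresses ("associated-interface") or static routes ("device") can reference an interface as well and will block the delete for the same reason.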
