FortiGate
snowman_FTNT
Staff
Article Id 194844

Description

 
This article describes the new Interface Role option and how it affects the GUI options available when editing a network interface on the FortiGate.

FortiOS 5.4 introduced the concept of Interface Roles that can be assigned to a given Network Interface. Each interface can be defined as one of the following roles: LAN, WAN, DMZ, or Undefined. When these roles are set, they will hide/reveal parts of the configuration in the GUI based on what is appropriate for the role.

 

Scope

 

FortiOS 5.4 and later.


Solution

Role types:

  1. Undefined role:
    • All options in the GUI are shown and configurable unless noted otherwise.

  2. WAN role:
    • This role is meant for interfaces that connect to the Internet.
    • The interface is set to DHCP by default.
    • Receive LLDP is set to Enable, and Transmit LLDP is set to Use VDOM Setting (FortiOS 6.2 and later).
    • The following features and options are hidden:
      • Device Identification.
      • One-arm sniffer (Addressing Mode).
      • Auto-Managed by IPAM (Addressing Mode).
      • Dedicate to extension/FortiAP modes.
      • DHCP server.
      • Security mode and Admission control.

  3. LAN role:
    • This role is meant for interfaces that are used for local networks and internal endpoints.
    • The 'Create address object matching subnet' option is shown and toggled on (FortiOS 6.2 and later, for the LAN and DMZ roles).
    • This option creates an Interface Subnet object that is based on the subnet associated with the interface.
    • Receive LLDP is set to Use VDOM Setting, and Transmit LLDP is set to Enable (FortiOS 6.2 and later).
    • The following features and options are hidden:
      • Secondary IP address (5.4.0 only).
      • Estimated bandwidth.

  4. DMZ role:
    • This role is meant for interfaces that host servers, especially those exposing services to the Internet (i.e. separating publicly reachable servers from the rest of the corporate network/LAN).
    • Receive LLDP and Transmit LLDP are both set to Use VDOM Setting (FortiOS 6.2 and later).
    • The following features and options are hidden:
      • Secondary IP address (5.4.0 only).
      • Estimated bandwidth.
      • DHCP server.
      • Admission Controls.

The following screenshot is an example of the GUI where the interface is set with the Undefined role, so all options are configurable.

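As an added example (not part of this article and not Fortinet code), the following Python script audits a constructed FortiOS-style `config system interface` dump against the role behaviour described above: it reports settings the GUI would hide for the interface's role, and LLDP values that differ from the role's default. It assumes the CLI key names used in the code (`role`, `device-identification`, `security-mode`, `estimated-upstream-bandwidth`, `estimated-downstream-bandwidth`, `lldp-reception`, `lldp-transmission`) and that a setting hidden in the GUI can still be present in the CLI configuration.

```python
import re

# Constructed FortiOS-style interface config for this demo (not a real device dump).
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set role wan
        set device-identification enable
        set lldp-reception disable
    next
    edit "port2"
        set role lan
        set lldp-transmission enable
    next
    edit "port3"
        set role dmz
        set estimated-upstream-bandwidth 50000
    next
end
"""
# Subset of the options the article lists as hidden per role, as CLI keys (assumed names).
HIDDEN_BY_ROLE = {
    "wan": {"device-identification", "security-mode"},
    "lan": {"estimated-upstream-bandwidth", "estimated-downstream-bandwidth"},
    "dmz": {"estimated-upstream-bandwidth", "estimated-downstream-bandwidth"},
}
# (reception, transmission) LLDP defaults the article gives per role for FortiOS 6.2+.
LLDP_DEFAULTS = {"wan": ("enable", "vdom"), "lan": ("vdom", "enable"), "dmz": ("vdom", "vdom")}

def parse_interfaces(text):
    """Return {name: {key: value}} for each 'edit' block of a config system interface dump."""
    interfaces = {}
    for block in re.finditer(r'edit "([^"]+)"\n(.*?)\n\s*next', text, re.S):
        pairs = re.findall(r'^\s*set (\S+) (.+)$', block.group(2), re.M)
        interfaces[block.group(1)] = dict(pairs)
    return interfaces

def audit(text):
    """List GUI-hidden settings for each role, and LLDP values that differ from the role default."""
    findings = []
    for name, s in parse_interfaces(text).items():
        role = s.get("role", "undefined")
        for key in sorted(HIDDEN_BY_ROLE.get(role, ())):
            if key in s:
                findings.append(f"{name}: '{key}' is set but hidden in the GUI for role {role}")
        if role in LLDP_DEFAULTS:
            rx, tx = LLDP_DEFAULTS[role]  # an absent key is treated as the role default
            if (s.get("lldp-reception", rx), s.get("lldp-transmission", tx)) != (rx, tx):
                findings.append(f"{name}: LLDP settings differ from the {role} role default")
    return findings
```

Run against a saved `show system interface` output to list settings an administrator would not see in the GUI for the interface's role.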