gpap_FTNT
Staff
Article Id 189485

Description

 

This article describes how to switch from NAT to transparent mode without any errors.

When switching from NAT mode to Transparent mode while 'FortiLink' is already configured, the following error appears:

 

FGT # config sys settings

FGT (settings) # set opmode transparent
Cannot change to Transparent mode because this vdom contains managed switches and switchctl-vlans.
Please clear managed-switches, disable fortilink and retry.
node_check_object fail! for opmode transparent

value parse error before 'transparent'
Command fail. Return code -7610

 

Scope

 

FortiGate.

 

Solution


To change the operation mode of the unit, FortiLink must be disabled first. The output below shows the FortiLink interface with its status set to down:


FGT (fortilink) # show
    config system interface
        edit "fortilink"
            set vdom "root"
            set allowaccess ping fabric
            set status down
            set type aggregate
            set lldp-reception enable
            set lldp-transmission enable
            set snmp-index 14
        next
end


Even after the FortiLink interface is disabled, the same error message should still appear. If any configuration references FortiLink, locate the references with the following CLI command and remove them:

 

show | grep -i fortilink -f
config system interface
    edit "fortilink" <---
        set vdom "root"
        set fortilink enable <---
        set ip 10.10.225.1 255.255.255.0
        set allowaccess ping fabric https
        set type aggregate
        set lldp-reception enable
        set lldp-transmission enable
        set snmp-index 8
    next
end
config system ntp
    set ntpsync enable
    set server-mode enable
    set interface "fortilink" <---
end
config system dhcp server
    edit 1
        set ntp-service local
        set default-gateway 10.10.225.1
        set netmask 255.255.255.0
        set interface "fortilink" <---
        set vci-match enable
        set vci-string "FortiSwitch" "FortiExtender"
    next
end
config switch-controller storm-control-policy
    edit "auto-config"
        set description "storm control policy for fortilink-isl-icl port" <---
        set storm-control-mode disabled
    next
end

 

References can also be checked using the following cmdb command:

 

diagnose sys cmdb refcnt show system.interface.name fortilink
entry used by table system.dhcp.server:id '1'
entry used by child table interface:interface-name 'fortilink' of complex system.ntp:interface.interface-name
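
An offline version of the same reference check, as an added example (not Fortinet's code): it walks a saved configuration backup and lists the settings whose value is exactly the interface name. The sample configuration is constructed from the output shown in this article, and `find_references` is a hypothetical helper name.

```python
import shlex

# Constructed sample: a trimmed config built from the output shown in this article.
SAMPLE_CONFIG = """\
config system interface
    edit "fortilink"
        set vdom "root"
        set fortilink enable
        set type aggregate
    next
end
config system ntp
    set server-mode enable
    set interface "fortilink"
end
config system dhcp server
    edit 1
        set default-gateway 10.10.225.1
        set interface "fortilink"
    next
end
config switch-controller storm-control-policy
    edit "auto-config"
        set description "storm control policy for fortilink-isl-icl port"
    next
end
"""

def find_references(config_text, name="fortilink"):
    """Return (config path, option) pairs whose value is exactly `name`."""
    stack, hits = [], []
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:          # unbalanced quote, e.g. multi-line values
            tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] in ("config", "edit"):
            stack.append(" ".join(tokens[1:]))
        elif tokens[0] in ("next", "end") and stack:
            stack.pop()             # "next" closes an edit, "end" closes a config
        elif tokens[0] == "set" and name in tokens[2:]:
            hits.append((" > ".join(stack), tokens[1]))
    return hits

if __name__ == "__main__":
    for path, option in find_references(SAMPLE_CONFIG):
        print(f"{path}: set {option} references fortilink")
```

The storm-control description that grep matched is not reported, because it only mentions the name inside a longer string; the two hits (system ntp and DHCP server entry 1) agree with the refcnt output above.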

 

Disable the NTP server that references the FortiLink interface (or switch it to any other available interface):

 

config sys ntp

FortiGate(ntp) # show
config system ntp
    set ntpsync enable
    set server-mode enable
    set interface "fortilink"
end

(ntp) # set server-mode disable
(ntp) # end

 

Delete the DHCP server entry using the following commands:

 

config sys dhcp server
(server) # delete 1
(server) # end

 

Disable the FortiLink interface:

 

config sys interface
(interface) # edit fortilink
(fortilink) # set status down
(fortilink) # end

 

On FortiGate VM devices, it may also be desirable to delete the FortiLink interface:

 

config sys interface
(interface) # delete fortilink
(interface) # end

 

Then try to change the mode to Transparent mode using the following CLI commands:

 

config sys settings
(settings) # set opmode transparent
(settings) # set manageip 10.12.12.12/24
(settings) # end

 

Changing to TP mode

Done.

 

Go to System -> Settings -> NTP. Also, in the FortiLink configuration mentioned above, unset the IP address and disable all FortiLink-related settings, as shown in the screenshot below.
 

[Screenshot: FortiLink_Disabled.png]

 

Below is the expected result without any error message:

 

FGT # config system settings
FGT (settings) # show full-configuration | grep opmode
    set opmode nat
FGT (settings) # set opmode transparent
FGT (settings) # set manageip <IP address/mask>
FGT (settings) # end

 

Output: 

 

FGT # config system settings
FGT (settings) # show full-configuration | grep opmode
    set opmode transparent
FGT (settings) # end