Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mzainuddinahm
Staff
Staff

Created on ‎04-25-2009 10:28 AM Edited on ‎01-14-2025 05:17 PM By Staff

Article Id 195894

Technical Tip: Changing the speed of a FortiGate interface

Description

 

This article describes how to change the port speed of a FortiGate interface via CLI.


Scope

 

FortiGate.


Solution.

Configuration.

 

  1. The default value for all interfaces is auto-negotiate. This should automatically set the speed for that port appropriate to the speed set on the other network hardware. If this does not happen, edit the configuration using the following CLI commands:
 
config system interface
    edit <interface-name>
        set speed <1000full/10000half/100full/100half/10full/10half/auto>
end
 
Example to check the current speed on the interface and set:
 
get hardware nic <interface-name> 

 

Capture.png

 Captdddure.png

 

Note that only some models support gigabit Ethernet speeds. The unit attached should match the settings. If the FortiGate is set to 100Full, the unit on the end should also be set to 100Full.
 
  1. The interface speed.
 
  • Auto is the default speed. The interface uses auto-negotiation to determine the connection speed. Change the speed only if the interface is connected to a unit that does not support auto-negotiation. If the speed is mismatched on both ends, then the interface status on FortiGate will show as DOWN. Therefore, it is important to know the speed of the other end and according to that, changes can be made on the FortiGate.
  • 10full, 10 Mbps, full duplex.
  • 10half, 10 Mbps, half duplex.
  • 100full, 100 Mbps, full duplex.
  • 100half, 100 Mbps, half duplex.
  • 1000full, 1000 Mbps, full duplex.
  • 1000half, 1000 Mbps, half duplex.

 

Speed options vary for different models and interfaces. Enter a space and a '?' after the speed keyword to display a list of speeds available for the model and interface.
 
Note:
10G Auto-negotiation is not supported on the SFP28 interface due to limitations in the PHY. Therefore, this cannot be resolved by changing the firmware or any options in FortiGate.
 
Also, ensure to check the FortiGate's interface specifications to confirm compatibility with desired speed settings, as not all models support higher speeds like 10Gbps or 25Gbps SFP+ interfaces.
 
Changing the speed for interfaces that are 4-port switches is impossible. This includes the internal interfaces of FortiGate models 60, 60M, 100A, 200A, and FortiWiFi-60. 
This also includes the LAN interface of the FortiGate-500A.
 
  1. However, a command in the config system globally allows the internal switch speed to be set. 
 
To configure this use the following CLI commands.
 
Note:
The below command is only available up to FortiOS 5.4.x. 
 
config system global
     set internal-switch-speed
100full    100M Full
100half    100M half
10full     10M Full
10half     10M half
auto       auto
 
  1. If the ports are part of the internal hardware switch, then it is possible to change it using 'config system virtual-switch'.
 
config system virtual-switch
     edit <name>
         config port
           edit <name>
               set speed [auto|10full|10half|…]
    end
 

Troubleshooting.

 

For interface diagnostics:


diagnose hardware deviceinfo nic <interface-name>


Changing the port speed on an already aggregated interface is not possible.

Refer to the related article Troubleshooting Tip: FortiGate interface error counters for more information on understanding the output of this diagnostic command.

 

The following error may appear: 'Interface speed cannot be set for aggregated interfaces. Command fail. Return code -218'. Therefore, it is necessary to remove the interfaces from the aggregation, change the speed, and then add them again to the aggregation.

 

Related articles:

Config system virtual switch - FortiGate CLI reference.

Configuring port speeds - moved from Public to INTERNAL.

Technical Tip: Configure Ethernet speed, duplex and negotiation settings.

Troubleshooting Tip: FortiGate interface error counters.

Technical Note: Changing the speed settings on an interface

Labels:
187969
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.