Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Biraman
Staff
Staff

Created on ‎05-21-2023 10:11 PM Edited on ‎10-03-2023 08:14 AM By Moderator

Article Id 257285

Technical Tip: Migrating VLAN interfaces from one interface to another using the Integrate Interface feature

Description

This article describes how to use the new interface migration wizard introduced in FortiOS 7.0 to bypass the usual limitations where VLAN interfaces configured with a large number of references take a lot of time to migrate from one interface to another. This is because every reference has to be moved individually.

The interface migration wizard which with migrating the references from a physical interface to either an aggregate interface, redundant interface, or software switch, but is disabled for VLAN interfaces by default. This article describes how to migrate the VLAN interfaces along with references from the Parent Interface to the FortiLink interface.

 

Note: This feature does not support turning an aggregate, software switch, redundant, zone, or SD-WAN zone interface back into a physical interface.
Scope FortiGate.
Solution

FortiGate is Configured with 3 VLANs (Vlan60, Vlan80, and Vlan100), and all VLANs are configured under interface port17. All VLANs have some references used for Policies, Address Objects, Static routes, or VIP.

 

Warning:

Take a config backup of the FortiGate before migrating the interfaces and schedule the changes during a Maintenance window. Avoid accessing the FortiGate with the same interface to avoid being locked out.

Vlans.JPG

 

For Individual VLAN Interfaces, the option to integrate the interface is disabled.

 

Greyed.JPG
However, the Parent Interface (Port17) has the option to be migrated. Migrating this parent interface will migrate all of the child VLAN interfaces to the desired FortiLink interface or any other aggregate interfaces, redundant interfaces, or software switches.

 

Parentinterface.JPG

 

Select Migrate to Interface and select 'Next'.

 

Migrate.JPG

 

Select the target interface. In this example, FortiLink is selected. After, select 'Next'.

 

FortilinkSelect.JPG
Review the objects to be migrated. In this example, all three VLANs are listed. After, select 'Apply' and then 'OK'.


VlanMigrate.JPG

 

Entries will be successfully updated, meaning it will be time to close the wizard and verify the migrated objects.

 

Updated.JPG

 
As shown, all three VLANs were successfully migrated under FortiLink with all references.

 

Sucess.JPG

 
Now, if the old Parent interface (Port17) is no longer required to be a part of FortiLink, it can be removed by selecting the cross button and selecting 'OK'. After, port 17 can be used for any other purpose.

 

Remove.JPG
4054
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.