cmartinez1
Staff
Article Id 189832

Description

 

This article describes the internal-switch-mode setting on the FortiGate. The preferred value for this setting should be decided before installing the FortiGate, because it affects how the unit's physical ports are managed.

 

Note: This setting is only relevant to FortiOS 5.2 and earlier. FortiOS 5.4 and later deprecated this setting, so this article is retained as legacy documentation only.

 

Scope

 

FortiOS 5.2 and earlier.


Solution

 

The internal-switch-mode setting has two options available:

 

Option 1: Switch mode

In Switch mode, all the internal interfaces are part of the same subnet and treated as a single interface called 'lan' or 'internal' by default, depending on the FortiGate model. Switch mode can be used with simple network layouts, such as when all users/devices will connect on the same subnet.

Option 2: Interface mode

In Interface mode, the physical interfaces of the FortiGate unit are handled individually, with each interface having its own IP address.
Interfaces can also be combined by configuring them as part of either hardware or software switches, which allow multiple interfaces to be treated as a single interface.
This mode is ideal for complex networks that use different subnets to compartmentalize the network traffic.

To determine which mode the FortiGate is in, go to System -> Network -> Interfaces and check the lan/internal interface. If the interface is listed as a physical interface in the Type column, then the FortiGate is in Switch mode, whereas if the interface is listed as a hardware switch then the FortiGate is in Interface mode.

To change the mode of the FortiGate, make sure that none of the physical ports that make up the lan or internal interface are referenced in the FortiGate configuration.
Go to System -> Dashboard -> Status and enter either of the following commands into the CLI Console to change between modes:

 

config system global
    set internal-switch-mode [switch | interface]
end
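
Before changing modes, a saved configuration backup can be checked offline for settings that still reference the lan/internal interface. The Python script below is an added example, not Fortinet code; the sample configuration is constructed, and the audit function name and the line-oriented reading of the backup format are assumptions.

```python
import re

# Constructed FortiOS-style backup excerpt (not taken from a real device).
SAMPLE = """\
config system global
    set internal-switch-mode switch
end
config system interface
    edit "internal"
        set ip 192.168.1.99 255.255.255.0
    next
end
config system dhcp server
    edit 1
        set interface "internal"
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
    next
end
"""

def audit(config_text, interface="internal"):
    """Return (mode, refs): the mode value found and settings naming `interface`."""
    mode, refs, stack = None, [], []      # stack holds [section, entry] frames
    for line in map(str.strip, config_text.splitlines()):
        tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if not tokens:
            continue
        if tokens[0] == "config":         # open a (possibly nested) section
            stack.append([" ".join(tokens[1:]), None])
        elif tokens[0] == "end" and stack:
            stack.pop()
        elif tokens[0] == "edit" and stack:
            stack[-1][1] = tokens[1] if len(tokens) > 1 else None
        elif tokens[0] == "next" and stack:
            stack[-1][1] = None
        elif tokens[0] == "set" and stack and len(tokens) > 2:
            section, entry = stack[-1]
            if section == "system global" and tokens[1] == "internal-switch-mode":
                mode = tokens[2]
            elif interface in tokens[2:]:  # a setting whose value names the port
                refs.append((section, entry, tokens[1]))
    return mode, refs

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty reference list means nothing in the backup points at the interface; each tuple otherwise names the section, entry and setting to clear before the mode change.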