| Description |
This article describes about the issue where user is unable to add a hardware switch which is in use into a zone. |
| Scope | FortiGate, all firmware. |
| Solution |
Adding hardware switch interface, or any interface as follows in a newly created zone is not possible, because hardware switch could be in use(referenced) at places like policies, routing, address objects, etc.
However, assigning a hardware switch interface to a zone can be done only after removing all the references.
Notice the hardware switch interface has references which means it is being used in policies, routing, etc.
Since the hardware switch is in use, adding it into a zone is not possible. As the hardware switch itself doesn't show up in the drop down as shown below.
So, remove the references that is either delete the policies, routing, etc. that uses the hardware switch interface or remove the hardware switch interfaces from those policies, routing, etc.
Now when tried to add hardware switch 'lan' interface into the zone, 'lan' shows up in the drop down.
Basically 'configure firewall policy' - > 'show' - > paste into NP++ - > replace src/dst interface where 'hardware switch' with the new zone - > purge under 'firewall policy' - > assign hardware switch to a zone - > copy & paste firewall policies back.
Note: To get the option of hardware switch interface, disable virtual-switch-vlan from global settings.
It not only applies for hardware switch interface but for any interface one trying to add into the zone it must not be referenced anywhere else like policies, routing, etc. For example ha1, ha2, wan1, wan2 interface in this case.
Related KB article for reference: |
Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Spring Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNDR (on-premise)
- FortiNAC-F
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPresence
- FortiPortal
- FortiProxy
- FortiRecon
- FortiSRA
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiTester
- FortiSwitch
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Technical Tip: Unable to add an in use hardware sw...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.