|
When a FortiGate has 'Shared Media' interfaces, this means that it has a pair (or multiple pairs) of ports that offer two different physical connectors that tie back into a single logical interface. The purpose of these Shared Media ports is to offer users flexibility with regards to the physical connectivity to the FortiGate.
However, a key detail here is that these Shared Media ports are not two fully separate sets of ports. They cannot be used at the same time, nor are they able to be configured separately. One way to treat these interfaces is 'two physical interfaces that connect to one shared logical interface'.
For example, consider the FortiGate-90G/91G:
 Figure 1: FortiGate-90G diagram, as taken from the datasheet
On this model of FortiGate, the wan1 and wan2 RJ45 ports are labeled as 'shared' with SFP+1 and SFP+2. However, checking within FortiOS itself (e.g. show system interface) reveals that only wan1 and wan2 are present as configurable logical interfaces. To help illustrate the use case of these ports, consider the following example.
- An admin deploys the FortiGate-90G to one of their sites that has a broadband ISP connection. The ISP provides a modem that connects to the FortiGate via an RJ45-based CAT6 Ethernet cable.
The admin can connect this cable to the RJ45-based wan1 port on the FortiGate to gain network access.
- Later, the ISP upgrades the connection to an optical fiber setup, and they offer the admin the option of connecting with an optical SFP+ transceiver.
The admin can disconnect the Ethernet connection to wan1 and instead plug in the SFP+ transceiver into SFP+1. There is no need to update the configuration since these are a pair of Shared Media ports (i.e. all routes, policies, and other configs still reference the logical wan1 interface, but now the SFP+ physical medium is being used instead of RJ45).
- The admin later adds a second ISP connection to the site. This ISP only offers RJ45 Ethernet connections to the users, so the admin connects this new WAN connection to the RJ45 wan2 port. The SFP+-based wan1 connection used for the first ISP still operates without any changes.
In the case of the FortiGate-90G/91G, it is worth noting that these Shared Media physical interfaces (SFP+ vs. RJ45) are both capable of up to 10Gbps transmission rates, but they differ in terms of the exact speeds they support:
- The RJ45 interfaces (wan1 and wan2) are capable of 10G/5G/2.5G/1G/100M speeds with auto-negotiation support.
- The SFP+ interfaces (SFP+1 and SFP+2) are only capable of 10Gbps and 1Gbps speeds.
Finally, take note of some known behaviors regarding these Shared Media interfaces:
- The CLI command diagnose hardware shared-port < wan1 | wan2 > can be used to check the physical medium of the Shared Media interfaces chosen by the FortiGate. The following lists the expected behaviors when physically connecting these interfaces:
- Neither one is connected -> medium will show as AUTO.
- Only RJ45 is connected -> medium will show as Copper.
- Only SFP+ is connected -> medium will show as Fiber.
- Note that the medium will only switch to Fiber when a transceiver with an active optical fiber connection is connected to the FortiGate.
- Note also that there can be a brief delay (~5 seconds) when switching between physical mediums.
- Both are connected -> medium will show as Copper (RJ45 takes priority over SFP+).
- It is generally recommended to only connect one of the two interfaces in a Shared Media pair at a time to avoid any confusion.
- It is not possible to use pairs of Shared Media ports together in an LACP Link Aggregate (i.e. SFP+1 and wan1 cannot be used together in LACP since they are not two fully separate network interfaces).
|
