Error -23 Discard the setting command fail

yaronbeny7 · ‎09-09-2015

Hello,

i want to change switch mode to internal mode on my fortgate.

The things I did before:

1.removing internal rules.

2.change from dhcp to manuel

than on cli:

config system global

set internal-switch-mode interface

end

then i got this error (attached file)

thanks

gschmitt · ‎09-10-2015

On the GUI navigate to System > Network > Interfaces

If the Column Ref. isn't already present right click the bar, select Ref. and hit Apply

Is the number in the Ref. column of the internal interface 0?

yaronbeny7 · ‎09-13-2015

i'm connected to the fortigate 80c only via consul cable.

so how can i fix it ?

i want to work with internal mode.

ede_pfau · ‎09-13-2015

After factory reset there is a default configuration which you have to change in order to be able to switch the port mode (it's "interface mode", not "internal mode").

1. In the CLI (from console port), reset to factory defaults:

exec factoryreset

2. Then remove all policies:

config firewall policy
purge

# confirm with 'y'

3. then remove the default DHCP server:

config system dhcp server
purge

# confirm

Note: the exact command depends on the version of FortiOS your FGT is running.

4. now you can switch the port mode:

config sys global
set internal-switch-mode interface
end

The FGT will reboot now.

Afterwards, the ports will be labeled 'internal1'...'internal5'.

Ede

"Kernel panic: Aiee, killing interrupt handler!"

yaronbeny7 · ‎09-15-2015

I did everything and it looks right but

I try to access the router at https://192.168.1.99 and it not working (no ping also).

I Conntected via ports 1 & 5 and no ping...

ede_pfau · ‎09-15-2015

When splitting up the internal switch into independent ports the default IP address is discarded (192.168.1.99/24). Access the FGT via console port (if possible) and set the IP address manually.

Ede

"Kernel panic: Aiee, killing interrupt handler!"

yaronbeny7 · ‎09-15-2015

yes,i able to connect via cli but please see the errors received (attached file)

ede_pfau · ‎09-20-2015

You've got VDOMs enabled. Enter into one VDOM before configuring ports.

Secondly, check "conf sys int" to see the names of the interfaces, whether there is a "port1" or rather a "internal1".

Ede

"Kernel panic: Aiee, killing interrupt handler!"

yaronbeny7 · ‎09-20-2015

hello.

i do not know how to configure "vdom name" via Cli.

and i do not know what is means.

jintrah_FTNT · ‎09-21-2015

First check the interfaces that are created after changing the mode to internal,

#show system interface

The internal interfaces may be named internal1, internal2 ...and so on. In that case, assign the ip address on the required interface

config system interface

edit internal1

set ip 192.168.1.99 255.255.255.0

set allowaccess http https ssh

In case, you need to set a vdom attribute, use the default vdom root.

Ex:

config system interface

edit internal1

set vdom root

set ip 192.168.1.99 255.255.255.0

set allowaccess http https ssh