Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Flamba
New Contributor

FWF-60E Software Switch , how to remove a port from "internal"

I am setting up a fortiwifi 60e  V6.0.8 build 0303 and i have a strange problem with network interfaces.

I find a single "software switch" that i have never used. This switch software has internal and wifi members.

From the internal member i want to remove a port, for example the 7, but i can't.  I am going crazy . Does anyone know how to do? Thank' to all.

 

FROM CLI: Connected

FWF60 # config system virtual-switch FWF60 (virtual-switch) # show config system virtual-switch edit "internal" set physical-switch "sw0" config port edit "internal1" next edit "internal2" next edit "internal3" next edit "internal4" next edit "internal5" next edit "internal6" next edit "internal7" next end next end

1 Solution
rwpatterson
Valued Contributor III

Just shooting from the hip here. Have you tried

 

   config system virtual-switch     edit "internal"     set physical-switch "sw0"     config port ? The question mark at the end should give you options on what you can do from there.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

View solution in original post

7 REPLIES 7
rwpatterson
Valued Contributor III

Just shooting from the hip here. Have you tried

 

   config system virtual-switch     edit "internal"     set physical-switch "sw0"     config port ? The question mark at the end should give you options on what you can do from there.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

emnoc
Esteemed Contributor III

Actual go into the config port sub-section and delete the interface

 

homefgt (port) # delete 

*All    members of physical switch sw0:

 

current members of lan

 

lan1   

lan2   

lan3   

lan4   

lan5   

 

homefgt (port) # delete 

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

Dave_Hall

Screenshot shows 4 references to the lan interface.  I suspect that's at least a firewall policy (or 2), DHCP server reference, hardware switch(?), and perhaps an active admin login.  Don't have a fgt in front of me atm to test this, but I am assuming you won't be able to change members on that Internal switch while an admin is connected through it.

 

Of course, as a last ditch effect, you always could load the config into a text editor and manually remove "internal7" from the switch.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

Flamba

After a break i'm back on the Fortigate! 

 

from the cli you saw above, i simply gave a delete "internal7" and the problem was solved!

 

now i have internal7 free !!!!!!!!!!! 

 

Thank you all as always, i hope this is useful to others users. 

example to delete the internal6 from CLI: Connected

FWF60 # config system virtual-switch FWF60 (virtual-switch) # edit "internal" FWF60 (internal) # set physical-switch "sw0" FWF60 (internal) # config port FWF60 (port) # show config port edit "internal1" next edit "internal2" next edit "internal3" next edit "internal4" next edit "internal5" next edit "internal6" next end FWF60 (port) # delete "internal6" FWF60 (port) # end FWF60 (internal) # end

Toshi_Esumi
Esteemed Contributor II

By the way, in case somebody found this thread in his/her search effort in the future, this "config sys virtual-switch" is so-called hard-switch configuration. Not soft-switch in the subject line (config sys switch-interface). Any FWF has a soft-switch (mostly "lan") by default including this "internal" hard-switch interface and "wifi" interface. And this thread is about how to remove one interface out of "internal" hard-switch interface.

Just don't get confused.

zballa
New Contributor

Or you could have go to Network/Interfaces, double click on Internal under Hardware Switch and click on the black x next to the interface you want to get out of the switch. I use the CLI a lot, but sometimes the GUI is better.

BNDP
New Contributor

You can edit the Internal switch interfaces and after that, u can see in the interface members all the ports are available with 'X' symbol. So you can select which port u want to remove and click on 'X' symbol. Then it will become an independent port.