o_previti
New Contributor

fortigate 60d access vlan port

I have a FortiGate 60D. I removed the Cisco switch to manage everything from the firewall. On the Cisco switch I had ports in access mode. Is it possible to have the same configuration on the firewall ports?

isamt
Contributor

FortiGates operate in switch or interface mode.

In switch mode you have a single virtual interface containing all user ports, so it effectively acts as a switch in access mode.

o_previti

I have configured the hardware switch and freed up the internal ports.

But I can't put the internal ports in access mode on a specific VLAN like on normal Cisco switches. For example, I have a device on which I cannot set the VLAN but which I have wired to my FortiGate, and since it is not on the specific VLAN, it is not reached by other devices.

o_previti

I wonder then why the hardware switch function exists. I'm trying:

edit "internal5"
    set vdom "root"
    set ip 172.25.40.254 255.255.255.0
    set allowaccess ping
    set alias "QNAP"
    set device-identification enable
    set role lan
    set type physical
    set snmp-index 20
    set vlanid 40
next

But when I try the command set vlanid 40, it shows an error.

Toshi_Esumi
Esteemed Contributor III

Your attached images are broken. But the hard-switch "config sys virtual-switch" is to have the same set of non-tag + VLANs on a set of multiple physical ports. Then it becomes a single port for configuration.

Carl_Wallmark

Only certain models support VLAN switch, in other words, putting an interface or groups of interfaces as "untagged VLAN".

First it needs to be activated:

config system global
    set virtual-switch-vlan enable
end

Then it should be visible in the GUI:

Then you can also create "Trunk" interfaces.

It is documented here:

New Features | FortiGate / FortiOS 6.2.0 | Fortinet Documentation Library

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
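
The VLAN switch setup described in this reply, written out as FortiOS CLI for a model that supports the feature (an added example, not part of the original post or Fortinet's documentation). The switch name "VLAN40", the physical switch name "sw0" and the member port "internal5" are assumptions; the VLAN ID and address are the ones from the question above.

```fortios
# Assumption: the platform supports virtual-switch-vlan.
config system global
    set virtual-switch-vlan enable
end

# Create a VLAN switch for VLAN 40 and add the untagged (access) port to it.
# "sw0" and "internal5" are assumed names; check the names on your unit.
config system virtual-switch
    edit "VLAN40"
        set physical-switch "sw0"
        set vlan 40
        config port
            edit "internal5"
            next
        end
    next
end

# The VLAN switch then appears as an interface that carries the gateway address.
config system interface
    edit "VLAN40"
        set vdom "root"
        set ip 172.25.40.254 255.255.255.0
        set allowaccess ping
        set role lan
    next
end
```

Traffic between this interface and any other still needs a firewall policy, which is what keeps the untagged device behind the firewall rather than just on a switch port.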

o_previti

I agree, but my boss wants certain devices to be behind firewalls, and these devices must have the port in access mode.

o_previti

I don't have this screen. I have a different one.

It's probably the OS version.

Is it possible to upgrade?

Carl_Wallmark

The 60D will not support "virtual-switch-vlan" (access mode).

Reach out to Fortinet support and ask which models and OS support "virtual-switch-vlan". You probably need a newer/bigger model for that. I know it is working on 100E, 100F and 300E, as I have configured it myself.

o_previti

For my needs the 100E is too big. I would like to be able to solve the problem with the 60D.
