Good Day
I have a Fortigate 40F and I wish to understand a few elements as shown in the screenshot.
I have executed an execute factoryreset and no other changes.
I can see in the output below interfaces that correspond to the physical interfaces I see on the box.
These are the lan1, lan2, lan3, a and wan interfaces. These all are physical copper ports on the device.
The wan interface has DHCP on by default and has gained an IP address as the port is connected to a Starlink unit.
Q1 What is the "lan" interface? I see that type = hard-switch. Maybe this represents an internal L3 interface?
Q2 What is the relation between the "lan" "hard-switch" and the physical ports mentioned above i.e. lan1, lan2, lan3, a? Can it be these are by default L2 ports in the same L2 domain on the hard-switch? Presumably if so the static address 192.168.1.99/24 is part of the default config?
Any comments to disambiguate appreciated
Thanks
Hi @slouw,
That is a hardware switch and it is by default. Please refer to this document for more information "https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/100999/hardware-switch"
Regards,
Minh
The hard-switch is explained in the admin guide @mle2802 provided the link to with an example on FG60E. For 40F specifically,
"lan" hard-switch (192.168.1.99/24 by default) = "lan1" + "lan2" + "lan3".
In CLI:
config system virtual-switch
    edit "lan"
        set physical-switch "sw0"
        config port
            edit "lan1"
            next
            edit "lan2"
            next
            edit "lan3"
            next
        end
    next
end
The "a" port is by default configured as the sole member of the "fortilink" LAG/LACP interface so that it can be connected to FortiSwitch(es) to control. You can change it to be a part of the hard-switch "lan" interface if you want to.
I think it can be done by GUI as well but I've so far done it through CLI. You first need to remove "fortilink" interface since you can't leave "fortilink" empty without any members.
"fortilink" is referenced in the NTP server config and the DHCP server config. You can remove them like below:
config system dhcp server
    del 2
end
config system ntp
    set server-mode disable
end
Then you can remove the "fortilink" interface.
config system interface
    del fortilink
end
Then you can put "a" interface in the "lan" hard-switch.
Toshi
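As an added example (not part of the thread or of Fortinet's tooling), the sketch below reads a saved FortiOS configuration, lists the members of the "lan" hard-switch, and reports every block that still references "fortilink", which is what has to be cleared before the interface can be deleted. The sample configuration is constructed for illustration, and the function names `walk`, `switch_members` and `find_references` are hypothetical.

```python
# Constructed sample in FortiOS "show" layout (not captured from a real device).
SAMPLE_CONFIG = '''\
config system virtual-switch
    edit "lan"
        set physical-switch "sw0"
        config port
            edit "lan1"
            next
            edit "lan2"
            next
            edit "lan3"
            next
        end
    next
end
config system dhcp server
    edit 1
        set interface "lan"
    next
    edit 2
        set interface "fortilink"
    next
end
config system ntp
    set server-mode enable
    set interface "fortilink"
end
'''

def walk(config_text):
    """Yield (path, line); path is the enclosing config/edit stack."""
    stack = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line in ("end", "next"):      # close the innermost config/edit
            if stack:
                stack.pop()
            continue
        yield tuple(stack), line
        if line.startswith(("config ", "edit ")):
            stack.append(line)

def switch_members(config_text, switch):
    """Physical ports that belong to the named hard-switch."""
    want = ("config system virtual-switch", 'edit "%s"' % switch, "config port")
    return [l.split('"')[1] for p, l in walk(config_text)
            if p == want and l.startswith("edit ")]

def find_references(config_text, name):
    """(path, line) for each 'set' line whose values include the quoted name."""
    needle = '"%s"' % name
    return [(" / ".join(p), l) for p, l in walk(config_text)
            if l.startswith("set ") and needle in l.split()]
```

Running `find_references` on a backup taken before the change shows which DHCP server entry and which other sections still point at the interface.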