Change of VLAN ID
All,
I find it quite unbelievable that you can't change the VLAN ID of an interface once it has been created. This must be the only network equipment we own that does not allow this. And we have a lot.
So - this I do want.
/BT
-- Bjørn Tore
Back up the config, edit the interface's VLAN ID and restore the config. It will require a reboot of the firewall.
Yes - I know how to change the VLAN ID. But that it requires either rewriting the config with policies, routes etc., or a reboot - it seems so last century.
-- Bjørn Tore
I couldn't agree more!
I have talked to guys at events and asked why this is impossible, but they cannot come up with a good answer.
Probably the only vendor that doesn't allow this except by recreating everything or changing the config file and doing a reboot.
I wonder how this is working in a big datacenter where they change VLAN IDs all the time, "sorry but we need to reboot the firewall 10 times a day because we need to change VLAN ID......"
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
There are a few interface settings and behaviors that do this.
Mike Pruett
Then make an NFR to Fortinet. I do not see this as a big issue; in most enterprises they design things and don't need to change the VLAN ID that often.
PCNSE
NSE
StrongSwan
Believe me, I have.
And even if it's not that often, as you say, you shouldn't have to reboot and re-import a config to change a VLAN ID (or create the new VLAN and then create every rule again).
Cisco can do it, Juniper can do it, so why not Fortinet?
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
It boggles the mind that Fortinet still hasn't fixed this.
This feature is added in 7.0+
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/885870/interface-migration-wizard
Before it is available, it does require some effort.
One way to do it is to create a new VLAN interface and replace all the references the old one is associated with (such as firewall policy).
In the GUI/Network interfaces, on the far right, you should see a # associated with the old VLAN interface object. Click it and you will see where it is used/referenced.
Hope this helps.
Jian Wu
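
The same reference hunt can be done offline against a config backup before creating the replacement VLAN interface. This is an added example, not part of the thread or Fortinet's tooling: the sample config is constructed, and the function name `find_references` is hypothetical.

```python
import shlex

# Constructed sample in FortiOS backup syntax (not taken from the thread).
SAMPLE_CONFIG = '''
config system interface
    edit "vlan100"
        set interface "port1"
        set vlanid 100
    next
end
config firewall policy
    edit 1
        set srcintf "vlan100"
        set dstintf "wan1"
    next
    edit 2
        set srcintf "vlan200" "vlan100"
        set dstintf "wan1"
    next
end
config router static
    edit 1
        set device "vlan100"
    next
end
'''

def find_references(config_text, ifname):
    """Return (section, entry, setting) for every 'set' line that names ifname."""
    stack, refs = [], []  # stack of currently open config/edit blocks
    for raw in config_text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:  # multi-line quoted value (e.g. a certificate): skip
            continue
        if not tok:
            continue
        if tok[0] in ("config", "edit"):
            stack.append((tok[0], " ".join(tok[1:])))
        elif tok[0] in ("next", "end") and stack:
            stack.pop()
        elif tok[0] == "set" and ifname in tok[2:]:
            section = " > ".join(n for k, n in stack if k == "config")
            entry = next((n for k, n in reversed(stack) if k == "edit"), "")
            refs.append((section, entry, tok[1]))
    return refs

if __name__ == "__main__":
    for section, entry, setting in find_references(SAMPLE_CONFIG, "vlan100"):
        print(f"{section} / edit {entry} / set {setting}")
```

Every tuple it returns is an object that still points at the old interface and has to be moved to the new one before the old VLAN interface can be deleted.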