All,
I find it quite unbelievable that you can't change the VLAN ID of an interface once it has been created. This must be the only network equipment we own that does not allow this. And we have a lot.
So - this I do want.
/BT
-- Bjørn Tore
Backup the config, edit the interfaces VLAN ID and restore the config. It will require a reboot of the firewall.
Yes - I know how to change the VLAN ID. But that it either requires to rewrite the config with policies, routes etc, or a reboot - it seems so last century..
-- Bjørn Tore
I couldn´t agree more!
I have talked to guys on events and asked why this is impossible, but they cannot come up with a good answer.
Probably the only vendor that doesn´t allow this except for recreating everything or change the config file and do a reboot.
I wonder how this is working in a big datacenter where they change vlan IDs all the time, "sorry but we need to reboot the firewall 10 times a day because we need to change vland id......"
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
There are a few interface settings and behaviors that do this
Mike Pruett
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
Than make a NFR to fortinet. I do not see this as big issue, in most enterprise they design things and don't need to change vlan.id that often.
PCNSE
NSE
StrongSwan
Believe me, I have.
And even if it´s not that often, as you say, you shouldn´t have reboot and re-import a config to change vlan ID, (or create the new vlan and then create every rule again)
Cisco can do it, Juniper can do it, so why not Fortinet ?
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
It boggles the mind that Fortinet still hasn't fixed this.
This feature is added in 7.0+
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/885870/interface-migration-wizard
Before it is available, it does require some effort.
One way to do is to create a new VLAN interface, and replace all the references the old one is associated (such as firewall policy).
In the GUI/Network interfaces, on the far right, you should see a # associated with the old VLAN interface object.. click it and you will see where it is used/referenced.
Hope this helps.
Jian Wu
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.