I am looking to change the interface names on my 60c v4.0,build0646,121119 (MR3 Patch 11).
Thanks
I don't think you can change those names like wan1, wan2, dmz, internal. You might try setting an alias but that's just a description, which you can't use in your config (someone please let me know if I'm wrong about this). 1, 2, 3,... are just switch port numbers, not interfaces with 4.3. I think you can separate them from internal and name it separately with interface mode with 5.0 or later (at least with 60D).
If it is for a better view in your policies, you can also use Zones and put the interface in the zone. The zone is then only visible in your policies (and not the interface name).
Rgds,
Ralph
One last way to 'rename' a port is to create a LACP trunk port with just one physical member port.
All of this comes with a price. Zones do not permit all configuration which physical ports allow (for instance, no secondary addresses). Trunk ports are handled by the CPU which might lead to CPU overload if the traffic across is high enough.
Only aliases do not come at a cost - but they are 'visual' only, in the GUI. You won't use them in the CLI.
Back up the FortiGate's config to a txt file (with no encryption).
Edit the backup file and modify the interface name.
Restore the config with the new file.
@mazu74:
Have you tried this? Restore will fail because the BIOS doesn't recognize the 'new' names.
Yes,
I did it with virtual tunnel interface Name for my VPN under physical interface WAN1.
@ede, you said:
ede_pfau wrote: Zones do not permit all configuration which physical ports allow (for instance, no secondary addresses). Trunk ports are handled by the CPU which might lead to CPU overload if the traffic across is high enough.
In 5.4.x I can add multiple secondary addresses to a vlan interface that is in a zone. I haven't tested this much, but it seemed to work fine (security policy for the containing zone allowing access correctly to the secondary address, etc.) and I had been planning on using secondary addresses for a few interfaces. Has this functionality changed between 5.2.x and 5.4.x?
Could you please point me to any docs that discuss the limitations and/or costs of using zones?
I'm using zones pretty heavily and am wondering if this means I'm digging myself into a big hole.
@mazu74:
Yes, you've found that one exception, you can change names of virtual ports this way. No chance doing that with physical ports.
@tanr:
Speaking of digging holes... I once was a big fan of zones as well. Used some just for renaming. Until I tried a config where it just didn't work and I had to unravel the config again.
No, IMHO there is no explicit documentation of this feature, only what you've got in the Admin Guide. I would love to have a zone behave exactly like a physical or virtual port but there are limitations. Secondary addresses were my first thought, but I haven't tested a zone IF in every possible circumstance: in a VIP, in a LLB scenario (well, yes, that's covered), in a route,...
You could check the KB or the forums but in both places the search is cumbersome.
Thanks for the warnings about zones. Not what I wanted to hear, but better forewarned.