jrothwell1988
New Contributor

Change the interface names Fortigate 60c

I am looking to change the interface names on my 60c v4.0,build0646,121119 (MR3 Patch 11).

 

Thanks

Toshi_Esumi
Esteemed Contributor III

I don't think you can change those names like wan1, wan2, dmz, internal. You might try setting an alias but that's just a description, which you can't use in your config (someone please let me know if I'm wrong about this). 1, 2, 3,... are just switch port numbers, not interfaces with 4.3. I think you can separate them from internal and name it separately with interface mode with 5.0 or later (at least with 60D).

Ralph1973

If it is for a better view in your policies, you can also use Zones and put the interface in the zone. The zone is then the only thing visible in your policies (and not the interface name).

 

Rgds,

Ralph

ede_pfau

One last way to 'rename' a port is to create a LACP trunk port with just one physical member port.

 

All of this comes with a price. Zones do not permit all configuration which physical ports allow (for instance, no secondary addresses). Trunk ports are handled by the CPU which might lead to CPU overload if the traffic across is high enough.

Only aliases do not come at a cost - but they are 'visual' only, in the GUI. You won't use them in the CLI.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
mazu74

Back up Fortigate's config to a txt file (with no encryption).

Edit the backup file and modify the interface name.

Restore the config with the new file.

ede_pfau

@mazu74:

Have you tried this? Restore will fail because the BIOS doesn't recognize the 'new' names.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
mazu74

Yes,

I did it with virtual tunnel interface Name for my VPN under physical interface WAN1.

tanr
Valued Contributor II

@ede, you said: 

ede_pfau wrote:

Zones do not permit all configuration which physical ports allow (for instance, no secondary addresses). Trunk ports are handled by the CPU which might lead to CPU overload if the traffic across is high enough.

In 5.4.x I can add multiple secondary addresses to a vlan interface that is in a zone. I haven't tested this much, but it seemed to work fine (security policy for the containing zone allowing access correctly to the secondary address, etc.) and I had been planning on using secondary addresses for a few interfaces. Has this functionality changed between 5.2.x and 5.4.x?

 

Could you please point me to any docs that discuss the limitations and/or costs of using zones?  

I'm using zones pretty heavily and am wondering if this means I'm digging myself into a big hole.

ede_pfau

@mazu74:

Yes, you've found that one exception: you can change names of virtual ports this way. No chance of doing that with physical ports.

@tanr:

Speaking of digging holes... I once was a big fan of zones as well. Used some just for renaming. Until I tried a config where it just didn't work and I had to unravel the config again.

 

No, IMHO there is no explicit documentation of this feature, only what you've got in the Admin Guide. I would love to have a zone behave exactly like a physical or virtual port but there are limitations. Secondary addresses were my first thought, but I haven't tested a zone IF in every possible circumstance: in a VIP, in a LLB scenario (well, yes, that's covered), in a route,...

You could check the KB or the forums but in both places the search is cumbersome.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
tanr
Valued Contributor II

Thanks for the warnings about zones.  Not what I wanted to hear, but better forewarned.
