We have 60Es that have hardware switches. The IP addresses were assigned but with the mask as 255.255.255.0. Can I change the mask of the switch to 255.255.255.255 without causing a loss in connectivity or bringing down a VPN tunnel? Also, if that is possible, can I then assign a second port on that hardware switch an IP (192.168.1.11 255.255.255.255)?
I would test this out on my own but all the FW's I have to work with are in production.
A switch interface, consisting of multiple physical ports, is ONE virtual port. So, you can assign an address to it, and a secondary address as well. But these will apply to all physical ports of the switch at the same time.
But...a /32 address doesn't make any sense here. You need at least to have a subnet of 4 addresses to be able to communicate with one other device (next hop router, host or whatever). That is, a /30 mask at least.
What is your intent in using a 'host address' on a router interface?
I need to connect the device to a core switch on the internal side with 2 IPs from the 192.168.1.0 subnet (1.10 and 1.X), and on the external side I need to connect it to 2 different ELAN switches, with each interface having an IP address in the 21.X subnet.
And you think the FGT and switch can communicate if the FGT has a /32 address??
2nd part:
The FGT is a router. NO two addresses from the same subnet on different ports - one subnet per port.
On the same port, second address can be used as 'secondary' address.
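The two rules from the replies above (a /32 leaves no on-link neighbours, and different ports must not share a subnet while one port may hold a primary and a secondary address) can be checked against an address plan before touching a production unit. This is an added example, not part of the thread and not Fortinet code; the port names and sample addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan (not from the thread): port name -> list of
# "address/mask" strings; first entry is the primary, the rest are secondary.
SAMPLE_PLAN = {
    "internal-switch": ["192.168.1.10/255.255.255.0",
                        "192.168.1.11/255.255.255.255"],
    "wan1": ["192.168.1.20/255.255.255.0"],
    "wan2": ["10.21.0.1/255.255.255.252"],
}


def check_plan(plan):
    """Return a list of (kind, detail) findings for an interface address plan."""
    findings = []
    parsed = {port: [ipaddress.ip_interface(a) for a in addrs]
              for port, addrs in plan.items()}

    for port, ifaces in parsed.items():
        for iface in ifaces:
            # A /32 network contains only the interface's own address, so no
            # next hop, host or switch is on-link through that address.
            if iface.network.prefixlen == 32:
                findings.append(("host-mask", f"{port} {iface}"))

    # Different ports must not carry overlapping subnets. Addresses on the
    # same port (primary plus secondary) are not compared with each other.
    for (p1, i1), (p2, i2) in combinations(parsed.items(), 2):
        for a in i1:
            for b in i2:
                if a.network.overlaps(b.network):
                    findings.append(("overlap", f"{p1} {a} <-> {p2} {b}"))
    return findings


if __name__ == "__main__":
    for kind, detail in check_plan(SAMPLE_PLAN):
        print(f"{kind:10s} {detail}")
```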