Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BumbleBee
New Contributor

Connecting 2 switches to fortigate 60B

Hi, I would like to connect 2 switches to A Fortigate firewall 60B (Yes I know i' s old ). I see there are several (actually 6) internal RJ45 ports and now it is connected to only one port with one switch. I also see that the port is configured to use the following: Addressing mode - Manual IP/Netmask: 192.168.1.1/255.255.255.0 What should I configure on the second RJ45 interface so it will work ? Do I need to split the network so one port will use 192.168.1.1-150 and the second port will use 192.168.1.151-254 ? Thanks
11 REPLIES 11
rwpatterson
Valued Contributor III

Welcome to the forums. The device may be ' old' but it' s still supported. :) If you' re running in switch or hub mode, then all 6 internal interfaces share an IP address. If you' re running in interface mode, then you have 6 individually identifiable interfaces (internal1-internal6) that you can handle separately. What' s your goal here? If you need the other 5 ports, just plug in. All 6 share the same IP subnet.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
BumbleBee
New Contributor

Hi, Thanks for the welcome greeting and answer. Actually I new in the office and got the Firewall by legacy :-) My goal here is to add another switch but chaining it to the first switch not through taking a Port in the first switch and to bypass a single point of failure connecting 2 switches together physicality. I see the configuration is " Interface Mode" which means this is not suitable to what I need. I guess the solution I need is the " Switch mode" ? Oh and almost forgot. When you say " just plug in" - I did but it does not get any network - no blinking lights on the NIC. I guess this is because the interface is down and the IP/Netmask is not configured as well. Thanks!
BumbleBee
New Contributor

By The way, how do I backup the fortigate 60B configuration ?
rwpatterson
Valued Contributor III

From the GUI, up in the right, click on the floppy disk icon (if you' re using the older green interface) From the GUI, in the " System > System Information panel > System Configuration line" , there is a gray link to backup (if using the newer white interface) If you click on " System > Network" and view the interfaces, you' ll see 1 internal if in hub or switch mode.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
BumbleBee

Hi, Only when clicking on the ' switch mode' on the top menu in Interfaces (' Create new, ' edit' , delete' , ' switch mode' ) I can see that Interface mode is selected. I have added all columns to the Interfaces and still can not see Hub or Switch mode. Thanks! BTW, can you reply on my earlier message from 2/10/2012 7:09:22 AM ?
rwpatterson
Valued Contributor III

In reply to this post: because you' re in interface mode, you' ll only see switch mode as an option to change to. If you' re using the green version of code, you won' t have the option for hub mode. It' s one mode at a time. Be careful. If you switch, all the policies may not work, because the interface name will have changed from ' internal1' to ' internal' . I haven' t switched between the 2 lately. I forgot how that works. Also there is a reboot involved, so schedule down time if that' s your aim. What part of your earlier post do you wish for me to reply to? In your current setup, you have to chain the switches. No way around that.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
ede_pfau
Esteemed Contributor III

actually, he doesn' t have to. As far as I understand OP' s need he doesn' t want to daisy-chain switch2 to a port of switch1 to avoid losing all switch ports in case sw1 dies. Back to the Fortigate: after factory reset, all ' internal' ports form a switch. You can plug 2 switches into ports 1 and 2 resp. to have more ports. All these ports, on switch1, switch2 and the 4 ports on the 60B, share one subnet and one collision domain (!). That' s what you want. So, after fiddling around with interface mode and switch mode, I recommend typing in these commands on the console window: ' exec factoryreset' This will revert the internal interfaces into ' switch mode' and clear all configuration. Start anew and plug your switches into the ' internal' ports.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
BumbleBee

Hi, Correct me if I' m wrong, but the command ' exec factoryreset' will cause the lose of ALL configurations including Rules and Site2Site VPNs and User etc. Am I right ? Thanks
ede_pfau
Esteemed Contributor III

That' s right, it' s a bulldozer type of command. Depends on how far your config is at this point. You might get away with just switching the interface back into ' switch mode' . This only works if you have no references to the internal ports yet - policies, addresses etc. That' s why I' m suggesting the big hammer method.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Labels
Top Kudoed Authors