1. Is this possible without hosing my existing users?
I am not sure I understand what you mean by 'hosing your users', but every new user group should be controlled by appropriate policies to avoid bottlenecks, etc. For instance, your proposed path (VLANs) is better than another approach.
2. With unmanaged switches, is this possible?
No. You need a switch that understands the 802.1q protocol.
3. I know the FG100a has 4 more switch ports that are not in use. Can I utilize these ports to do this? If so, they do not show under "System-Network" as available for configuration.
If your 100A unit has a serial number starting with FG100A2905, you have a 'revision 2' unit and you could transform the 4-port internal switch into 4 independent ports. Look in System->Network and you could see a 'switch to interface mode' button. Take into account that in order to activate that mode, you need to clean all references to your 'internal' interface (that is, you lose your present config).
Does anyone else out there have a sample config they would like to share?
If you go for the VLAN path, nothing special: just treat it as another interface and take care of the VLAN tag in your switch config.
regards
/ Abel
My serial number starts with FG100A39075. Does your reference to rev 2 mean all serial numbers starting at FG100A2905 and above?
Exactly, you could switch into 'interface mode'.
Currently under Status-Network I have only two buttons: "Create New" and "Switch Mode." If, in fact, I can change to interface mode I assume I would no longer need to use a VLAN as I would be able to just configure a different port and use routing and policies to secure my traffic.
Indeed, if you click the 'switch mode' button, you'll see the options available: the one you're in (4-port switched) and 'interface mode' with four interfaces, internal1, ..., internal4, that you can address separately.
I understand that I have to remove all the existing policies for my current "Internal" port (ouch) so is there a way to capture any and all routes/policies for that port so I can reconfigure it once (and if) I can switch modes?
Any reference to an 'internal' interface (policies, DNS forwarding, routes, VPN, DHCP, etc.) will prevent you from switching to interface mode. Unless you remove all these references (the box itself will warn you) you cannot switch. Indeed, you'll lose the actual configuration and you'll have to reconfigure it, for instance for the new 'internal1' interface.
And would this also affect any other routes/policies that are bound to my other ports (DMZ1, DMZ2 etc) that are relative to my current "Internal"?
ANY reference to the 'internal' interface will need to be removed and reconfigured for the new interface, internal1 or whichever internalX you choose. If routes/policies are between DMZXs or WANxs, no problem.
Sorry for so many questions, I just want to be entirely clear on what the consequences may be.
Remember 2 things:
- After switching to interface mode, the 4 new internal interfaces are not addressed, so you'll need to log into your box through the WANx or DMZx interfaces if you use the web GUI. Arrange things appropriately to ensure you can do that before switching. If not, you'll need to log in using the Console to configure the new internal interfaces.
- A good timesaving tip could be to work a little with the backup file in a plain-text editor and replace 'internal' references with, for example, 'internal1'. You could paste those commands with the CLI directly after the big change.
After you recover the functionality with the four interfaces split, your original post will be a very easy task, working with the new interfaces. Good luck and patience.
regards
/ Abel
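The backup-file tip in the reply above, sketched as an added example that is not part of the original thread or Fortinet's tooling. It assumes interface names appear in the backup as double-quoted tokens; the config fragment is constructed for illustration and `rename_interface` is a hypothetical helper. It rewrites only the exact token, so address objects and comments that merely contain the word are left alone, and it lists each changed line for review before anything is pasted into the CLI.

```python
import re

# Constructed backup fragment for illustration (not taken from the thread).
SAMPLE_BACKUP = '''\
config firewall address
    edit "internal_net"
        set subnet 192.168.1.0 255.255.255.0
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "internal_net"
        set comments "internal users to internet"
    next
    edit 2
        set srcintf "dmz1"
        set dstintf "wan1"
    next
end
config router static
    edit 1
        set device "internal"
        set gateway 192.168.1.254
    next
end
'''

def rename_interface(config_text, old="internal", new="internal1"):
    """Rewrite only the exact quoted token "old"; return (new_text, changes)."""
    token = re.compile('"%s"' % re.escape(old))
    out, changes = [], []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        rewritten = token.sub('"%s"' % new, line)
        if rewritten != line:
            # Keep a before/after record so every edit can be reviewed.
            changes.append((lineno, line.strip(), rewritten.strip()))
        out.append(rewritten)
    return "\n".join(out) + "\n", changes

if __name__ == "__main__":
    text, changes = rename_interface(SAMPLE_BACKUP)
    for lineno, before, after in changes:
        print(f"line {lineno}: {before}  ->  {after}")
```

A blind search-and-replace in an editor would also rename `internal_net` and alter the policy comment; matching the whole quoted token avoids both.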
Created on 12-21-2008 05:55 AM
Does anyone know if this is possible with a FortiGate 50?
Hello and welcome. No, it is not possible for a 50 model (the splitting interfaces stuff). Assuming you've a 50A or 50B, you could use VLANs.
regards
/ Abel