Hi,
In the documentation of the FortiGate Rugged 60F it says that ports internal4 and wan1 form a bypass pair.
As I understand from reading the documentation (https://docs.fortinet.com/document/fortigate/7.4.7/hardware-acceleration/754739), this results in a hardwired connection between these ports in the case of a power failure / power-off.
This might result in a security issue if those two interfaces are used in different network segments / VLANs, if I understand this description correctly.
I also couldn't find any documentation on how to disable this feature, only for different FortiGate models. Those either say it's possible to disable via the CLI (80/81), or, for a different model, that it can't be disabled and is the default configuration (Rugged 90D):
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-poweroff-bypass-and-bypass-watch...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Bypass-Ports-on-FortiGate-Rugged-90D/ta-p/...
Could you help me answer the following questions:
1) Did I understand the documentation correctly, and is my conclusion correct that you shouldn't use those two ports simultaneously in different network zones?
2) If 1) is the case, can this functionality be disabled? Or is the solution that you just don't use those two ports simultaneously?
Thank you in advance!
Best regards
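The concern in the post above is that the bypass pair (wan1 and internal4 on the Rugged 60F) could end up wired into two different network segments. The following Python script is an added example, not code from the thread or from Fortinet: it parses a small, constructed FortiOS-style configuration fragment (the interface, zone and VLAN values are made up for illustration) and reports when the two members of a bypass pair sit in different zones or VDOMs, or carry different VLAN sets. The minimal `config ... edit ... set ... next ... end` parser is an assumption that covers only the layout shown here, and the pair list is taken from the post.

```python
"""Flag hardware bypass pairs whose members sit in different network segments.

Added example (not from the thread). The configuration text below is
constructed for illustration and does not come from a real FortiGate; the
parser only understands the minimal FortiOS-style layout used here.
"""

# Bypass pair named in the post for the FortiGate Rugged 60F.
BYPASS_PAIRS = [("wan1", "internal4")]

# Constructed sample: the pair members are in different zones, and a VLAN
# sub-interface hangs off internal4 only.
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set vdom "root"
        set ip 203.0.113.2 255.255.255.0
        set role wan
    next
    edit "internal4"
        set vdom "root"
        set ip 192.0.2.1 255.255.255.0
        set role lan
    next
    edit "internal4.10"
        set vdom "root"
        set interface "internal4"
        set vlanid 10
    next
end
config system zone
    edit "untrusted"
        set interface "wan1"
    next
    edit "trusted"
        set interface "internal4"
    next
end
"""

# Constructed sample where both members share one zone and VDOM and no VLANs.
SAME_SEGMENT_CONFIG = """\
config system interface
    edit "wan1"
        set vdom "root"
    next
    edit "internal4"
        set vdom "root"
    next
end
config system zone
    edit "edge"
        set interface "wan1" "internal4"
    next
end
"""


def parse_config(text):
    """Return {table: {entry: {key: value}}} from FortiOS-style config text."""
    tables = {}
    table = entry = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            table = line[len("config "):]
            tables.setdefault(table, {})
        elif line.startswith("edit ") and table is not None:
            entry = line[len("edit "):].strip('"')
            tables[table][entry] = {}
        elif line.startswith("set ") and entry is not None:
            key, _, value = line[len("set "):].partition(" ")
            # Drop quotes so multi-valued settings (e.g. zone member lists)
            # can be split on whitespace later.
            tables[table][entry][key] = value.replace('"', "")
        elif line == "next":
            entry = None
        elif line == "end":
            table = entry = None
    return tables


def segment_of(tables, iface):
    """Describe the segment an interface is in: its VDOM, zone and VLAN IDs."""
    ifaces = tables.get("system interface", {})
    zones = tables.get("system zone", {})
    vdom = ifaces.get(iface, {}).get("vdom")
    zone = next((name for name, attrs in zones.items()
                 if iface in attrs.get("interface", "").split()), None)
    vlans = sorted(attrs["vlanid"] for attrs in ifaces.values()
                   if attrs.get("interface") == iface and "vlanid" in attrs)
    return {"vdom": vdom, "zone": zone, "vlans": vlans}


def bypass_findings(text, pairs=BYPASS_PAIRS):
    """Return one finding per bypass pair whose members differ in segment."""
    tables = parse_config(text)
    findings = []
    for a, b in pairs:
        seg_a, seg_b = segment_of(tables, a), segment_of(tables, b)
        if seg_a != seg_b:
            findings.append({"pair": (a, b), a: seg_a, b: seg_b})
    return findings


if __name__ == "__main__":
    for finding in bypass_findings(SAMPLE_CONFIG):
        print("bypass pair spans different segments:", finding)
    print("same-segment config findings:", bypass_findings(SAME_SEGMENT_CONFIG))
```

Run against a real device, the script would take the output of `show system interface` and `show system zone` as input instead of the constructed strings; the point of the check is that a differing zone, VDOM or VLAN set on the two pair members is exactly the situation the post asks about.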
Hello @AnotherFortiUser,
If you use the same VLAN ID or the same network on both the wan1 and internal4 interfaces, yes, you are right. They can access each other's network during a power failure.
This feature is especially good if you use transparent mode.
Also, the document describes how to disable bypass on these ports.
Created on 10-28-2025 06:25 AM Edited on 10-28-2025 06:26 AM
Hi, sorry for the late response, but I wasn't able to verify the proposed options earlier.
When we try to execute the shown commands, it doesn't accept the general "config system bypass" command ("command parse error before 'bypass' Command fail. Return code 1"). Bypass isn't an available system configuration parameter, as also shown by executing "config system": "bypass" isn't part of the displayed list.
We are testing on a FortiGate Rugged 60F, running FortiOS 7.4.8M.
It seems that this option isn't available. Also, the internal4 interface is not part of an internal (virtual) switch.
Created on 10-28-2025 06:32 AM Edited on 10-28-2025 06:43 AM
Just to clarify: the documentation says that bypass mode can be enabled in transparent mode. But if the FortiGate operates in NAT mode, the bypass mode is disabled (by default / in general)? Did I understand that correctly?
The problem I am seeing is that in the default configuration, and even in NAT operation mode, in case of power loss/hardware failure the interfaces internal4 and wan1 will be directly connected, regardless of the bypass-mode configuration: