Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ciscoasa
New Contributor

Interface Type Questions

Hello,

 

When we create a new interface, what's the different between VLAN Switch, Software Switch and Hardware Switch ?!

 

Thanks for your reply.

 

5 REPLIES 5
vjoshi_FTNT
Staff
Staff

Hello,

 

Software Switch:

- You can bind different physical interfaces together and want all of them to be on the same subnet.

 

For example, if your FortiGate unit has interfaces : 4-port switch, WAN1, WAN2 and DMZ

- You need one more port, then you can create a soft switch that can include the 4-port switch and the DMZ interface all on the same subnet. These types of applications also apply to wireless interfaces and virtual wireless interfaces and physical interfaces such as those with FortiWiFi and FortiAP unit. Similar to a hardware switch, a software switch functions like a single interface. A software switch has one IP address; all of the interfaces in the software switch are on the same subnet. Traffic between devices connected to each interface are not regulated by security policies, and traffic passing in and out of the switch are affected by the same policy. Virtual Switch: Virtual switch feature enables you create virtual switches on top of the physical switch(es) with designated interfaces/ports so that a virtual switch can build up its forwarding table through learning and forward traffic accordingly. When traffic is forwarded among interfaces belonging to the same virtual switch, the traffic doesn't need to go up to the software stack, but forwarded directly by the switch. When traffic has to be relayed to interfaces not on the virtual switch, the traffic will go through the normal data path

 

Hardware Switch:

- It is just a L2 switch which is used for reference in comparing the above

 

Cheers!

vjoshi_FTNT
Staff
Staff

Sorry, missed about the vlan switch.

 

VLAN switch is the term used for the actual switch which is configured with complete vlan database

 

On the Fortigate, you can configure a sub-interface (VLAN interface) with the VLAN ID(depending on the vlan's you have)

 

Cheers!

Panki
New Contributor

Hello,

Just want to know if we can configure aggregated interface in redundancy or not?

As I have checked, Redundant interface passes traffic through only one interface at a time.

So is it possible to have 2 different pairs of interfaces which we can add in redundant interface.

 

Thanks

emnoc
Esteemed Contributor III

Keep in mind  a  software switch allows you to bind multiple and different  interfaces types ( PHY+WLAN ) where a hardware switch is a group of  interfaces.

 

Vlan.SWITCH just supports vlan.id in the switch profile and not all  units have hardware switch and in some units, you can group 2 or more hardware switches iirc.

 

Ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
machiasiaweb

Hello,

 

I also want to know does software / hardware switch setup can function as redundancy use?  It is because lower end model (under 100D) did not support LACP mode running.

 

Thanks!

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors