nrl

Interfaces labels (LAN, WAN, DMZ etc.)

Hello, I'm thinking about purchasing 2 FG 200D to use them as an HA cluster. However, there is some confusion. At the moment I have about 6-7 security zones, and my current firewall device is able to assign any of its physical interfaces to any of the security zones.

In the data sheet for the FG 200D there is information that there are 2xWAN, 2xSFP-DMZ and 16xLAN interfaces. Does that mean that I can only have 3 security zones and that they have to be assigned to specific interfaces?

I hope it is possible to create multiple security zones and assign them to any of the 200D interfaces. But why does the data sheet describe the ports that way?

And the second thing - I understand that the 200D can work as a router, so I can assign an IP address to all security zones, etc.?

Somashekara_Hanumant

Hello,

You would like to know how many zones you can create on a FortiGate 200D.

By default the FortiGate unit comes in switch mode, meaning all 16 LAN ports are treated as one switch.

You can change this to interface mode; then you can use the 16 ports individually and create your security zones.

For more information on zones, please refer to the document below:

http://help.fortinet.com/fos50hlp/52data/index.htm#FortiOS/fortigate-system-administration-52/Interf...

Hope this answers your query.

Regards,

Somu

EMEA Technical Support
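The switch-to-interface-mode change and the zone setup that Somu describes, written out as a FortiOS CLI example. This is an added illustration, not configuration posted by anyone in the thread: it assumes a FortiGate 200D on FortiOS 5.2, that the split switch ports show up as port1..port16 (check `get system interface` on your unit for the actual names), and the zone names, port numbers and addresses are made up.

```fortios
# Assumed: FortiGate-200D, FortiOS 5.2, CLI session as an admin.
# Step 1: split the 16-port "lan" switch into individual interfaces.
# Caveat: every object that still references the "lan" interface
# (policies, DHCP servers, interface-bound addresses) must be removed
# first, or the mode change is refused.
config system global
    set internal-switch-mode interface
end

# Step 2: group ports into zones. Policies reference the zone, not its
# member ports. Set intrazone explicitly so member ports cannot reach
# each other without a policy, instead of relying on the default.
config system zone
    edit "LAN"
        set intrazone deny
        set interface "port1" "port2" "port3"
    next
    edit "DMZ"
        set intrazone deny
        set interface "port9" "port10"
    next
end

# Step 3: the zone itself has no IP address; addressing stays on the
# member ports (this is the "works as a router" part of the question).
# Keep allowaccess minimal on user-facing ports.
config system interface
    edit "port1"
        set ip 10.1.1.1 255.255.255.0
        set allowaccess ping
    next
    edit "port9"
        set ip 10.9.1.1 255.255.255.0
        set allowaccess ping
    next
end

# Step 4: an inter-zone policy. With no matching policy the traffic is
# dropped, so only what is listed here crosses LAN -> DMZ.
config firewall policy
    edit 1
        set srcintf "LAN"
        set dstintf "DMZ"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set logtraffic all
    next
end
```

Once a port is a zone member it can no longer be selected directly in a policy; that is the point of zones, since adding a port to the zone later automatically puts it under the existing zone policies.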
nrl

Thank you for your reply.

Please let me know what the difference is between the ports marked "LAN", "WAN" and "DMZ" in the data sheet.

Why do they have different descriptions if I can create security zones on my own?

ede_pfau

Hi,

and welcome to the forums.

Ports are labeled just for convenience - you can use any port for any network (or "security zone" - Juniper guy?). As already mentioned, the block of 16 ports on a 200D can be split up into individual ports which you can use for 16 "security zones" if you need. You can even combine several of these ports into smaller switches again.

You can "name" ports with an alias as a reminder of its role.

And of course, you can have a lot more zones by using VLANs and VLAN ports. The drawback is that all VLAN ports associated with a physical port share the port's bandwidth. But in theory you can have another 4095 virtual ports this way.

When you set up your HA cluster, consider using 2 HA ports, with 2 RED cables running different paths through the rack. There is nothing more detrimental than breaking the HA link. And a 200D has ports galore...

Ede

"Kernel panic: Aiee, killing interrupt handler!"
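Ede's two points, VLAN sub-interfaces for extra zones and a pair of dedicated heartbeat ports for HA, as a FortiOS CLI example. This is an added illustration and not configuration from the thread: it assumes a 200D on FortiOS 5.2 whose internal switch is already in interface mode, a VLAN trunk on port5, port15/port16 free for heartbeat, and "wan1" as the name of the first WAN port. Interface names, VLAN IDs, addresses and the HA password are invented.

```fortios
# Assumed: FortiGate-200D, FortiOS 5.2, internal switch in interface
# mode. Names, VLAN IDs and addresses below are made up.

# Two VLAN sub-interfaces on one physical port. They share port5's
# bandwidth, but each is a separate interface for zones and policies.
config system interface
    edit "vlan10-users"
        set vdom "root"
        set type vlan
        set interface "port5"
        set vlanid 10
        set ip 10.1.10.1 255.255.255.0
        set allowaccess ping
    next
    edit "vlan20-servers"
        set vdom "root"
        set type vlan
        set interface "port5"
        set vlanid 20
        set ip 10.1.20.1 255.255.255.0
        set allowaccess ping
    next
end

# VLAN sub-interfaces can be zone members just like physical ports.
config system zone
    edit "USERS"
        set intrazone deny
        set interface "vlan10-users"
    next
    edit "SERVERS"
        set intrazone deny
        set interface "vlan20-servers"
    next
end

# Active-passive HA with two dedicated heartbeat ports cabled along
# different paths. hbdev takes interface/priority pairs: the higher
# priority link is preferred, the other carries the heartbeat if it
# fails, so a single cut cable does not split the cluster.
# Authenticate and encrypt the heartbeat so that something plugged into
# the heartbeat path cannot inject cluster messages or read the synced
# configuration, which includes secrets.
config system ha
    set group-name "fw-cluster"
    set mode a-p
    set password "use-a-long-random-secret"
    set hbdev "port15" 100 "port16" 50
    set authentication enable
    set encryption enable
    set monitor "port1" "port5" "wan1"
    set override disable
end
```

Do not carry user traffic on the heartbeat ports, and list only production-facing ports under `monitor`: a monitored port that is legitimately unplugged (a spare, a lab port) would otherwise trigger a failover.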