Internal interfaces on Fortigate (60E)

Volks · ‎06-27-2018

Hello,

I would like to know the difference between the internal ports and DMZ/WAN ports on the FortiGate 60E.

Is it possible to create multiple VLANs on one internal port or it's only possible on DMZ/WAN ports ?

See this picture for exemple : [link]https://i.imgur.com/NjusR2x.png[/link]

Regards.

sw2090 · ‎06-27-2018

physically there is no difference - they're all ports. The difference since FortiOS 5.4.x is the role that is set for the interface but you can change that to unknown or lan if needed ;)

So you could use any port (except modem or console of course) for anything networking.

You can create multiple vlans on any port (depending on the role it is set to - you might have to change this to enable that.

Generally: you could use all network ports on a FGT for your purposes und you can attach mulitiple vlans to any of them.

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

View solution in original post

loic · ‎06-27-2018

be carefull with FortiGate above 200E, management ports are not attached to NP which means that the performances are not the same

Loïc

View solution in original post

Toshi_Esumi · ‎06-27-2018

One important difference: those internalX ports are controlled by switch hardware, and you can put them in under one hard-switch (config sys virtual-switch) like the default internal interface. While DMZ/WAN ports are not switch ports. If you want to combine between them, you need to use a soft-switch (config sys switch-interface).

There is obvious performance difference between hard and soft-switch. There were some discussion about it for FG60D in this forum in the past. 60E is a direct successor of 60D, inheriting the same architecture.

View solution in original post

sw2090 · ‎06-27-2018

physically there is no difference - they're all ports. The difference since FortiOS 5.4.x is the role that is set for the interface but you can change that to unknown or lan if needed ;)

So you could use any port (except modem or console of course) for anything networking.

You can create multiple vlans on any port (depending on the role it is set to - you might have to change this to enable that.

Generally: you could use all network ports on a FGT for your purposes und you can attach mulitiple vlans to any of them.

--

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

Volks · ‎06-27-2018

Thank you for your help.

loic · ‎06-27-2018

be carefull with FortiGate above 200E, management ports are not attached to NP which means that the performances are not the same

Loïc

Toshi_Esumi · ‎06-27-2018

One important difference: those internalX ports are controlled by switch hardware, and you can put them in under one hard-switch (config sys virtual-switch) like the default internal interface. While DMZ/WAN ports are not switch ports. If you want to combine between them, you need to use a soft-switch (config sys switch-interface).

There is obvious performance difference between hard and soft-switch. There were some discussion about it for FG60D in this forum in the past. 60E is a direct successor of 60D, inheriting the same architecture.

Internal interfaces on Fortigate (60E)

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website