If you can afford the outage while the unit reboots, ede's method is easy, elegant with low risk of error. The only line you need to change is

config system interface
    edit "vlan-name"
        set interface "physical-interface" # change to the new interface
    next
end

If you can't afford the reboot, then your only option is to delete all dependencies on the vlan interface, delete the interface, rebuild the interface, rebuild the dependencies. It's not a pleasant task and error prone.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
ede_pfau wrote:
But...that would be an "open-heart operation" and you would have to watch out to make the right steps in sequence. A lot of trouble if a reboot wouldn't cost much. Deleting all policies would start a partial downtime, then deleting the interface (maybe some DHCP as well) and rebuilding, that all will take some time. A reboot induced downtime might be shorter but would affect all users. Depends on the situation I guess.

Being in health care (pun intended), open heart is a far easier solution for me. Only the VLAN in question is down. No other users are (or were) affected. I've done it that way several times. I guess I'm just very confident. (and very cautious!)
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Thanks for the replies.
Editing the config file is a very neat solution and much quicker than deleting and re-adding. A certain amount of downtime was expected for this operation so a reboot is not an issue.
Ferdie
Deleting and recreating can be quite quick if you prepare it in advance.

config firewall policy
    delete <your policy #>
end

I recommend copying and pasting one section at a time rather than a large block of config. That way it's easier to see if you have made an error/typo.
If you are unsure, test it out on a spare firewall.
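
An added example, not code from any poster in this thread: a Python sketch that makes the one-line change in a saved plain-text configuration backup and lists every other line that references the VLAN, which are the dependencies the no-reboot path has to delete and rebuild. The sample config, the names vlan100, port1 and port3, and the function names are constructed for illustration; it assumes the usual config/edit/next/end nesting.

```python
import re
# Constructed sample backup, trimmed to the relevant sections (not from the thread).
SAMPLE = """config system interface
    edit "port1"
        set vdom "root"
    next
    edit "vlan100"
        set interface "port1"
        set vlanid 100
    next
end
config firewall policy
    edit 1
        set srcintf "vlan100"
    next
end
"""

def walk(config):
    """Yield (top-level section, nesting depth, top-level entry name, raw line)."""
    stack, entry = [], None
    for line in config.splitlines(keepends=True):
        s = line.strip()
        if s.startswith("config "):
            stack.append(s[len("config "):])
        elif s.startswith("edit ") and len(stack) == 1:
            entry = s[len("edit "):].strip('"')
        yield (stack[0] if stack else None), len(stack), entry, line
        if s == "end" and stack:
            stack.pop()
        elif s == "next" and len(stack) == 1:
            entry = None

def move_vlan(config, vlan, new_parent):
    """Return (new_config, old_parent); only the VLAN's own 'set interface' line changes."""
    out, old = [], None
    for section, depth, entry, line in walk(config):
        m = re.match(r'(\s*set interface )"([^"]*)"', line)
        if m and section == "system interface" and depth == 1 and entry == vlan:
            old, line = m.group(2), f'{m.group(1)}"{new_parent}"{line[m.end():]}'
        out.append(line)
    if old is None:
        raise ValueError(f"no 'set interface' line found for {vlan!r}")
    return "".join(out), old

def dependencies(config, vlan):
    """List (section, line) for references to the VLAN outside its own definition."""
    return [(sec, line.strip()) for sec, _, entry, line in walk(config)
            if f'"{vlan}"' in line and not (sec == "system interface" and entry == vlan)]
```

Diff the rewritten text against the original backup before restoring it; exactly one line should differ.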