Hi,
I can't find the LAN interface list in the FortiGate web console. It is showing only one interface, so I can't create another physical interface. Does anybody know how to solve this, please?
The firmware is at version v5.2.1,build618 (GA) and I am using a FortiGate 60D.
hi,
by default the LAN ports on desktop models are switch ports.
They are represented as just one interface because all belong to the same broadcast domain / same subnet.
If you want to use more ports you have to change the port mode from 'switch' to 'interface'. You can do so in the Network>Interface section. Beware that all configuration related to the 'internal' port needs to be removed before you are allowed to switch the mode. Check these:
- policies
- address objects assigned to that interface
- DHCP server
- static routes
Don't worry, I'm glad it's working for you now. Enjoy!
Hi all,
Is there anybody who tried the procedure like Dave Hall suggested?
"....Load an unencrypted backup config into a text editor, replace all references of "internal" to "internal1", then look for the line "set internal-switch-mode switch" and change that to "set internal-switch-mode interface"; save changes then load that back into the fgt."
My Fortinet 100D, running v5.2.3,build670, has the same issue: only one physical interface is active, and the rest, up to port 16, look disabled.
And by the way, in my config there is no line containing the "set internal-switch-mode" command.
Thanks,
Paul
Paul,
yes I do! Done that a couple dozen times by now.
As all references to the 'internal' interface have to be removed before doing the split up it's best to do that right after a factory reset. Let me suggest this sequence:
1. backup your config, not encrypted
2. in the CLI, type 'exec factoryreset' and confirm with 'y'. FGT reboots.
3. Log back in with default credentials ('admin'/'') using the console port/serial connection. You have to delete the DHCP server, a policy and a route all relating to the 'internal' interface, by
'conf sys dhcp server', 'purge', 'end'
'conf firewall policy', 'purge', 'end'
'conf router static', 'purge', 'end'
Of course, this leaves your FGT rather crippled.
Then, do the switch
'config sys global', 'set internal-switch-mode interface', 'end'.
FGT reboots.
4. log back in, note how the LAN interfaces are named now. 'internal1', 'internal2',...
5. Edit a copy of your config file: search and replace all occurrences of 'lan' to 'internal1' (or whatever is appropriate for your model). In my experience this cannot be done without inspecting each occurrence found.
6. Restore that edited config to your FGT (via GUI or uploading via serial).
FGT will reboot.
7. Log back in, using your credentials.
8. Connect to GUI and check everything.
Not too much hassle. You'll be thankful in the long run, there's always one more server to connect physically...
Edit:
In the config file, only settings which differ from the 'factoryreset' default settings are listed. That's why usually you won't see the 'config sys global/set internal-switch-mode' line. You will - after the switch.
I should add that on some but not all models the internal switch is called 'lan' in v5, and 'internal' in v4 of FortiOS. Some multi-multi-port models come with single interfaces by default. So check your config before beginning the procedure.
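A way to do the occurrence-by-occurrence inspection from step 5, as an added example that is not part of the original posts: it lists every exact quoted reference to the old switch name together with the config section it sits in, then renames only those tokens. The sample config is constructed, the function names are hypothetical, and it assumes interface names appear as double-quoted tokens in the backup.

```python
import re

# Constructed sample in FortiOS backup syntax; not taken from a real device.
SAMPLE = '''config system interface
    edit "lan"
        set vdom "root"
    next
    edit "vlan10"
        set interface "lan"
    next
end
config firewall address
    edit "lan-servers"
        set associated-interface "lan"
        set comment "hosts on the lan side"
    next
end
config firewall policy
    edit 1
        set srcintf "lan"
        set dstintf "wan1"
    next
end
'''

def find_refs(text, old):
    """List (line_no, config path, line) for each exact quoted token `old`."""
    token = re.compile('"%s"' % re.escape(old))
    path, hits = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        word = line.split(" ", 1)[0]
        if word in ("config", "edit"):
            path.append(line)          # entering a section or table entry
        if token.search(line):
            hits.append((no, " > ".join(path), line))
        if word in ("end", "next") and path:
            path.pop()                 # leaving it again
    return hits

def rename(text, old, new):
    """Rewrite only exact quoted tokens; "vlan10" or "lan-servers" stay."""
    return re.sub('"%s"' % re.escape(old), lambda m: '"%s"' % new, text)

if __name__ == "__main__":
    for no, path, line in find_refs(SAMPLE, "lan"):
        print("%4d  %-45s %s" % (no, path, line))
```

Review the listing before restoring: a policy or DHCP entry that ends up bound to the wrong port after the rename changes what the firewall permits.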
Thank you ede_pfau! I will try this procedure this weekend.
Do you have any idea if changing this configuration will make the LAN ports work as a layer 3 switch? What I want is to push a public IP through LAN 5, and I don't want to install a layer 3 switch in between my ISP and my firewall.
Thanks
Paul