Physical Lan Interface configuration

sunu · ‎10-30-2014

Hi,

I can't find find Lan Interfcae list in fortigate web consol. It showing only One Interface, so i cant create another Physical interface.so please anybody know how to solve this, please..

firmware is in this Versionv5.2.1,build618 (GA) and am using fortigate 60D.

ede_pfau · ‎10-30-2014

hi,

by default the LAN ports on desktop models are switch ports.

They are represented as just one interface because all belong to the same broadcast domain / same subnet.

If you want to use more ports you have to change the port mode from 'switch' to 'interface'. You can do so in the Network>Interface section. Beware that all configuration related to the 'internal' port need to be removed before you are allowed to switch the mode. Check these:

- policies

- address objects assigned to that interface

- DHCP server

- static routes

Ede Kernel panic: Aiee, killing interrupt handler!

View solution in original post

ede_pfau · ‎10-30-2014

hi,

by default the LAN ports on desktop models are switch ports.

They are represented as just one interface because all belong to the same broadcast domain / same subnet.

If you want to use more ports you have to change the port mode from 'switch' to 'interface'. You can do so in the Network>Interface section. Beware that all configuration related to the 'internal' port need to be removed before you are allowed to switch the mode. Check these:

- policies

- address objects assigned to that interface

- DHCP server

- static routes

Ede Kernel panic: Aiee, killing interrupt handler!

sunu · ‎11-01-2014

Hi,

Thans for your replay. its really heaplfull...

To change switch mode to Interface Mode i need to remove everything associated with that Port. ??

My problem is, we have VPN Tunnels working in this system also some policies. so i need to remove all these..

is there any other option, means without removing these policies, can i switch to Interface mode...

is any options, it really helpful..

any way am really thanks four replay and hope some solution for this..

Sunusurendran,

Dave_Hall · ‎11-01-2014

sunu wrote:
[...]is there any other option, means without removing these policies, can i switch to Interface mode...
is any options, it really helpful..[...]

This works on 4.0 MR3 but not so sure (never tried it) on 5.x code ....Load an uncrypted backup config into a text editor, replace all references of " internal" to " internal1" , then look for the line " set internal-switch-mode switch" and change that to " set internal-switch-mode interface" ; save changes then load that back into the fgt.

Never under estimate the power of the forum search.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

sunu · ‎11-03-2014

Hi deva Hall,

Hi ede_pfau,

I done everything, by editing the conf file in text mode. Now firewall in Interface Mode and i Just need to create policies.

I created the policies, and my VPN is showing up. Now my problem is i can ping remote local Network gateway(192.168.5.1/24) from my CLI console in fortigate, but from remote fortigate i can't Ping to my Local forigate Local intetcae(192.168.0.1/23).

ping to 192.168.5.1 from Local fortigate CLI is ok

ping from remote fortigate CLI to Local fortigate Local interface (192.168.0.1) not working.

what my be the problem

ede_pfau · ‎11-02-2014

sunu,

the good news is that you only have to remove policies etc. using the 'internal' interface, not all policies. I assume that your VPNs are associated with the WAN port and not the 'internal' ports. But policies might be.

And yes, I would rather go with the solution Dave posted: download the config file, edit it in an editor, restore it via WebGUI.

BE AWARE that restoring will cause an immediate reboot of the FGT!!

This is the reason why you change the switch mode right at the beginning of any configuration if you foresee that you will need more physical ports.

Ede Kernel panic: Aiee, killing interrupt handler!

sunu · ‎11-03-2014

Hi Ede_pfau

I have created polices Police to allow traffic form WAN to LAN.

what may be the problem. now am totally confused..

sunu · ‎11-03-2014

Hi,

Actually from the remote network i need to access one software installed in Local network.

192.168.0.1 is my Local Lan gateway, and i can ping remote network local gateway from my fortigate CLI.

but from the remote network(192.168.5.0) i can't access my server in Local network.

i can't even ping to 192.168.0.1 from remote fortigate.

In switch mode its working before..

remote fortigate still in switch mode..

sunu · ‎11-03-2014

Hi ede,

My problem is i can't access one software installed in Local server from remote network.

what may be the problem, is in polices? , please guide me to solve, actually am first to Fortigate.

sunu · ‎11-03-2014

I want to access a server on the Local subnet behind a VPN tunnel from remote network server is in Local Subnet

i created 2 policies in each fortogate

1 for wan to lan and another for wan to LAN

this picture is my local fortigate policies

Physical Lan Interface configuration

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website