
Switch mode vs interface mode

Hi all, 

I'm new to firewall (FortiGate 60c) products and I've started to learn the basics, and I want to understand what the main difference is between interface mode and switch mode, apart from subnet/port aggregation/redundancy.

Especially why there is switch mode and what it can deliver?


Thanks in advance.  





and welcome to the forums.


Some FGTs have a switch circuit in hardware to be able to form a switch (L2) from individual ports. As a router, a FGT supports one subnet per port - there cannot be any duplicate addresses on different ports. Therefore, if you need more than one local port, e.g. in a small office environment, you can use some ports in a switch.

Switch ports and aggregation are different things: traffic is broadcast to all switch ports (one broadcast domain) whereas link aggregation splits traffic in Layer 3 (hash over src or dst address(es)) to achieve higher bandwidth or redundancy.


Even in case your FGT does not have a hardware switch circuit you can create a 'software switch'. Be warned, all traffic across a sw switch will be handled by the CPU, and is not offloaded onto the network ASIC. With small models (< 100D/E) this can significantly reduce performance.


Ede
"Kernel panic: Aiee, killing interrupt handler!"

In switch mode all interfaces will be treated as a single interface with the same subnet IP, whereas interface mode is like normal mode, with each interface acting alone.
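The rule from the answers above (one subnet per routed interface, no duplicate addressing across ports, several ports sharing one subnet only as members of a switch) written as a plan checker. This is an added example, not part of the original posts and not FortiOS configuration syntax; the plan layout, the interface names and the addresses are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def check_plan(plan):
    """Validate an addressing plan.

    plan maps a logical (routed) interface name to
    {"ports": [physical ports], "ip": "address/prefix"}.
    Returns a list of problems; an empty list means the plan is consistent.
    """
    problems = []

    # A physical port can be a member of only one logical interface.
    owner = {}
    for name, cfg in plan.items():
        for port in cfg["ports"]:
            if port in owner:
                problems.append(f"{port} is in both {owner[port]} and {name}")
            owner[port] = name

    # Each routed interface needs its own subnet: no overlap between them.
    nets = {n: ipaddress.ip_interface(c["ip"]).network for n, c in plan.items()}
    for a, b in combinations(nets, 2):
        if nets[a].overlaps(nets[b]):
            problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems


def broadcast_domains(plan):
    """Ports listed under the same logical interface share one L2 broadcast domain."""
    return {name: sorted(cfg["ports"]) for name, cfg in plan.items()}


# Constructed plan, interface mode: two separate ports given the same subnet.
INTERFACE_MODE_BAD = {
    "internal1": {"ports": ["internal1"], "ip": "192.168.1.99/24"},
    "internal2": {"ports": ["internal2"], "ip": "192.168.1.100/24"},
}

# Constructed plan, switch mode: the same ports grouped into one switch interface.
SWITCH_MODE_OK = {
    "lan": {"ports": ["internal1", "internal2", "internal3"], "ip": "192.168.1.99/24"},
    "wan1": {"ports": ["wan1"], "ip": "203.0.113.2/30"},
}

if __name__ == "__main__":
    for label, plan in (("interface mode", INTERFACE_MODE_BAD), ("switch mode", SWITCH_MODE_OK)):
        print(label, check_plan(plan) or "OK", broadcast_domains(plan))
```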

