papapuff
New Contributor II

ask - change interface on FG60D

hi there,

need help,

Can the interfaces on the FG-60D be changed into individual interfaces, not acting as a switch?

I have a 100D, and its interfaces can be changed to individual ports or act as a switch, or both.

If so, how do I do that?

thank you

3 Solutions
ede_pfau
Esteemed Contributor III

hi,

 

yes, you can split the 'internal' switch into individual ports 'internal1'...'internal7'.

First, you have to remove all references to the 'internal' port. This includes

- policies

- static routes

- DHCP servers

- any port-associated address objects and VIPs

Then, you enter

config sys global
   set internal-switch-mode interface
end

The FGT will reboot after that.

Make sure before you begin that you either connect to the FGT on the console port or any other port which is not 'internal'.


Ede

"Kernel panic: Aiee, killing interrupt handler!"

Ralph1973

Hello,

Don't forget to remove policies, DHCP server and objects that refer to the switch ports. Then you can switch to interface mode. Also, there might be a reference to use NTP on the switch port.

 

Grtz. Ralph

 

 


AndreaSoliva
Contributor III

Hi all

 

What is normally used on every device, as long as it can be configured in interface mode, is the following:

 

config firewall policy
purge
end

NOTE: with purge, everything within the policy container will be deleted, meaning every policy will be deleted. Answer with yes!

config system dhcp server
purge
end

NOTE: with purge, everything within the DHCP server container will be deleted, meaning every entry will be deleted. Answer with yes!

 

       # config sys global
       # set internal-switch-mode interface
       # end
       changing switch mode will reboot the system!
       Do you want to continue? (y/n)y

 

PLEASE NOTE: For the newest release of the FortiGate 60D you will recognize that the device is ALREADY in interface mode. If you look deeper into it you will recognize that the latest revision of the FortiGate 60D (first recognized in January 2015) has a hardware switch like the FG-100D up to Revision/Generation 3. If you have such a device you have to split out the interfaces over the GUI. If you do so you will note that the last two interfaces cannot be split out. The reason is that behind this a virtual hardware switch is configured which holds the interfaces together. But this one can also be deleted, which means:

 

       # config system virtual-switch
       # get
       == [ lan ]
       name: lan
       # del lan
       # get
       # end

 

That's it... have fun

 

Andrea

4 REPLIES 4
papapuff
New Contributor II

hi there.

My device just arrived. FortiCare will be sent later.

Anyway, I've tried with USB management, but it returns an error.

Interface internal is in use
attribute set operator error, -23, discard the setting
Command fail. Return code -23

I access it via FortiExplorer. I have not used the FortiGate for a long time. Maybe I made a mistake.

need help please.

thanks.
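The "Interface internal is in use" error above means some object in the configuration still names the port. As an added example (not from the thread or from Fortinet), this Python script scans a saved configuration backup and lists every `set` line that references the interface, so the remaining references can be found and reviewed before anything is purged. The function name `find_interface_refs`, the sample configuration and the zone name `internal-zone` are constructed for illustration.

```python
import shlex

def find_interface_refs(config_text, ifname="internal"):
    """List (section, entry, option) for each 'set' line that names ifname."""
    refs, stack = [], []   # stack: open ("config" | "edit", name) blocks
    for raw in config_text.splitlines():
        try:
            tok = shlex.split(raw) or [""]
        except ValueError:   # part of a multi-line quoted value; skipped
            continue
        if tok[0] == "config":
            stack.append(("config", " ".join(tok[1:])))
        elif tok[0] == "edit" and len(tok) > 1:
            stack.append(("edit", tok[1]))
        elif tok[0] in ("next", "end") and stack:
            stack.pop()
        elif tok[0] == "set" and ifname in tok[2:]:  # whole-token match only
            section = " / ".join(n for k, n in stack if k == "config")
            entry = next((n for k, n in reversed(stack) if k == "edit"), None)
            refs.append((section, entry, tok[1]))
    return refs

# Constructed sample in backup-file style, not taken from a real device.
SAMPLE = '''
config system ntp
    set interface "internal"
end
config system dhcp server
    edit 1
        set interface "internal"
        config ip-range
            edit 1
                set start-ip 192.168.1.110
            next
        end
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
    next
    edit 2
        set srcintf "internal-zone"
    next
end
'''

for section, entry, option in find_interface_refs(SAMPLE):
    print(f"{section}: entry={entry} option={option}")
```

The match is on any `set` value equal to the interface name, so a free-text field that happens to contain the same word is reported too; that errs toward over-reporting rather than missing a reference.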
