Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
trixxmanaty
New Contributor

remove another Physical Interface Member in Fortinet 60d

Hi all,

 

How do I remove a physical interface member in Fortigate 60D. running version v5.2.3,build670 (GA)

I would like to use on Internal 1 which is linked to our LAN. can't find a way to remove internal 7.

 

Thanks

9 REPLIES 9
iJake
Contributor

You can turn your "Switch mode" to interface using the following

 

config system global

set internal-switch-mode interface

end

 

On some units, the default is to group interfaces in to a switch.

 

Read more here

http://docs-legacy.fortin...stallation.023.05.html

......

-Jake

...... -Jake
gschmitt
Valued Contributor

iJake wrote:

You can turn your "Switch mode" to interface using the following

It already is, if you look at the screenshot.

 

Normally you should be able to remove it by clicking the small X when you mouse over the interface. Does this not appear/work?

Which browser are you using? I recommend using Firefox

trixxmanaty
New Contributor

The X is not showing when I try to remove it. But I'm able to add other interfaces. I have tried using Safari and Google Chrome.

gschmitt

trixxmanaty wrote:

The X is not showing when I try to remove it. But I'm able to add other interfaces. I have tried using Safari and Google Chrome.

Yeah that looks like a visual bug, I'd always recommend firefox for the FortiOS GUI

 

in case you'd like to solve this via the CLI:

config system switch-interface
    edit internal // your switch name
         set member internal1 // List of interfaces you'd like to remain
    next
end

net1
New Contributor

Hi,

 

did you check if it's in use somewhere? As long as there's an entry referring to this interface you can't remove it. The easiest way: Check your config with an editor and have a search for 'internal7' ...

-

300C x1, 200E x4, 240D x2, 200D x4, 101E x2, 100E x4, 100D x12, 80C x2, 70D x2, 61E x2, 60E x2, 60D x30, 60C x24, 60B x9, 50E x20, 50B x17, 40C x17, 30E x3

FortiMail VMs

FortiAnalyzer VMs

FortiSandbox (testrun)

- 300C x1, 200E x4, 240D x2, 200D x4, 101E x2, 100E x4, 100D x12, 80C x2, 70D x2, 61E x2, 60E x2, 60D x30, 60C x24, 60B x9, 50E x20, 50B x17, 40C x17, 30E x3 FortiMail VMs FortiAnalyzer VMs FortiSandbox (testrun)
ede_pfau

The reason is that a hardware-switch needs at least 2 port members. Unless you kill the switch in CLI you won't get at the second member port. I'm in the same position as you both, and am still looking for the correct way to solve this (due to lack of time).


Ede


"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
net1
New Contributor

Hmmm ... so the only way ist to schedule a downtime - edit the config by hand - and upload it again ... :(

-

300C x1, 200E x4, 240D x2, 200D x4, 101E x2, 100E x4, 100D x12, 80C x2, 70D x2, 61E x2, 60E x2, 60D x30, 60C x24, 60B x9, 50E x20, 50B x17, 40C x17, 30E x3

FortiMail VMs

FortiAnalyzer VMs

FortiSandbox (testrun)

- 300C x1, 200E x4, 240D x2, 200D x4, 101E x2, 100E x4, 100D x12, 80C x2, 70D x2, 61E x2, 60E x2, 60D x30, 60C x24, 60B x9, 50E x20, 50B x17, 40C x17, 30E x3 FortiMail VMs FortiAnalyzer VMs FortiSandbox (testrun)
ede_pfau

Kind of.

The "switch" is a virtual object, called a virtual-switch. It contains at least one hardware switch called a physical-switch. to get hold of all interfaces you can delete the virtual-switch:

config system virtual-switch

    edit "internal"
        set physical-switch "sw0"
            config port
                edit "internal1"
                next
                edit "internal2"
                next
            end
    next
end So here you enter 'delete internal' to delete the virtual-switch. In order to do this, first all references to 'internal' have to be removed from the config. At that point I just let it be.

 

Remember that even the default config (after 'exec factoryreset') has references to 'internal', such as a static route, a DHCP server and a policy. So this is something you better do at the very beginning of configuration.


Ede


"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Chaitanya

Hi 

I am using Fortigate 60D with firmware 5.2.7 I am facing some issue like whenever I update any configuration in internal switch (Hardware Switch) its Keep asking for SPAN port,but here I am using only Single fortigate firewall. Please Help me to resolve this.

Labels
Top Kudoed Authors