Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
slouw
Contributor

Created on ‎10-03-2023 11:14 PM Edited on ‎10-03-2023 11:15 PM

40F Physical ports, hard-switch Disambiguation, Default config

Good Day

I have a Fortigate 40F and I wish to understand a few elements as shown in the screenshot.

I have executed an execute factoryreset and no other changes.

I can see in the output below interfaces that correspond to the physical interfaces I see on the box.

These are the lan1, lan2, lan3, a and wan interfaces. These all are physical copper ports on the device.

the wan interface has DHCP in by default and has gained an IP address as the port is connected to a Starlink unit.

Q1 What is the "lan" interface? I see that type = hard-switch. Maybe this represents an internal L3 interface?

Q2 What is the relation between the "lan" "hard-switch" and the physical ports mentioned above i.e. lan1, lan2, lan3, a? Can it be these are by default L2 ports in the same L2 domain on the hard-switch? Presumably if so the static address 192.168.1.99/24 is part of the default config?

 

Any comments to disambiguate appreciated

Thanks

2023-10-04 15h42m24s16 .jpg

Labels:
623
0 Kudos
1 Solution
mle2802
Staff
Staff

Created on ‎10-04-2023 07:30 AM

Hi @slouw

That is a hardware switch and it is by default. Please refer to this document for more information "https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/100999/hardware-switch"

Regards,
Minh

View solution in original post

596
2 REPLIES 2
mle2802
Staff
Staff

Created on ‎10-04-2023 07:30 AM

Hi @slouw

That is a hardware switch and it is by default. Please refer to this document for more information "https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/100999/hardware-switch"

Regards,
Minh

597
Toshi_Esumi
SuperUser
SuperUser

Created on ‎10-04-2023 09:35 AM

The hard-switch is explained in the admin guide @mle2802 provided the link to with an example on FG60E. For 40F specifically,

 

"lan" hard-switch (192.168.1.99/24 by default) = "lan1" + "lan2" + "lan3".

In CLI:
config system virtual-switch

    edit "lan"

        set physical-switch "sw0"

        config port

            edit "lan1"

            next

            edit "lan2"

            next

            edit "lan3"

            next

        end

    next

end

 

The "a" port is by default configured as the sole member of "fortilink" LAG/LACP interface so that I can be connected to FortiSwitch(es) to control. You can change it to be a part of the hard-switch "lan" interface if you want to.

I think it can be done by GUI as well but I've so far done it through CLI. You first need to remove "fortilink" interface since you can't leave "fortilink" empty without any members.

"fortilink" is referred in NTP server config and DHCP server config. You can remove them like below:

config system dhcp server
  del 2
end
 
config system ntp
  set server-mode disable
end

The you can remove "fortilink" interface.

config system interface
  del fortilink
end

Then you can put "a" interface in the "lan" hard-switch.

 

Toshi

589
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.