Converting a new fortigate from a switch port mode to interfaces

Most of  the lower-end  fortigates  models  have an internal switch. This is a group of ports acting like a Layer2 switch. Some times the need arise for more additional unique ports. So for example, a  Fortigate 60D has 7 ports in a switchport grouping. If we wanted to make this as a 7x interface-mode-ports,  we  wlll need to execute a few commands for changing the switch to useable port interfaces.

I will demo this using a FGT110C model.

1st you will set the system global configuration ;

( set internal-switch-mode interface )

2nd, if you have a new firewall or even a existing one, you will need to remove all references to the "switch". This means;

•    firewall policy
•    vpn configs
•    dhcp-server
•    ip address
•    etc.......

Here we only have a single firewall policy, so we will purge it.

 NOTE:  the purge is like a delete all,  great when you have hundreds of policies use it with caution 

3rd

You will  need to reboot when making this type of change ( switch to interface-ports )

After the completion, you will have either new interfaces named port or internal  1,2,3,etc  depending on the model of firewall

e.g ( FGT110C  4.0 MR3p18 )

Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com


   ^      ^
=(  $  $ )=
       o 
      /  \