New feature: FortiGate Hardware Switch Interface. Published on Juni 21, 2013 in Firmware / Software and Fortinet. 6 Comments Tags: FortiGate, hardware, switch.

This section contains information to help you determine which internal switch mode your FortiGate should use, a decision that should be made before the FortiGate is installed. What is the internal switch mode? The internal switch mode determines how the FortiGate’s physical ports are managed by the FortiGate. The two main modes are Switch mode and mode.

Internal switch mode was removed in 5.4. What are Switch mode and Interface mode and why are they used?

In Switch mode, all the internal interfaces are part of the same and treated as a single interface, called either or internal by default, depending on the FortiGate model. Switch mode is used when the network layout is basic, with most users being on the same subnet.

In Interface mode, the physical interfaces of the FortiGate unit are handled individually, with each interface having its own. Interfaces can also be combined by configuring them as part of either hardware or software switches, which allow multiple interfaces to be treated as a single interface.

This mode is ideal for complex networks that use different subnets to compartmentalize the network traffic. Which mode is your FortiGate in by default?

The default mode that a FortiGate starts in varies depending on the model. To determine which mode your FortiGate unit is in, go to System > Network > Interfaces.

Locate the lan or internal interface. If the interface is listed as a Physical Interface in the Type column, then your FortiGate is in Switch mode.

If the interface is a, then your FortiGate is in Interface mode. How do you change the mode? If you need to change the mode your FortiGate unit is in, first make sure none of the physical ports that make up the lan or internal interface are referenced in the FortiGate configuration (for example, in a policy or server). If you FortiGate model has a Switch Controller, you may need to disable it before you can change the internal switch mode.

Go to System > Dashboard > Status and enter either of the following commands into the Console: • Command to change the FortiGate to switch mode: config system global set internal-switch-mode switch exit • Command to change the FortiGate to interface mode: config system global set internal-switch-mode interface exit [download-attachments].

Hi Guys i am trying to configure a fortigate 100d unit. After resetting to factory settings, the unit defaults to 1 hardware swtich without any vlan tagging. I am trying to create a situation where different ports interfaces will have different vlan tags. (e.g port 10 will have vlan tag 10 and port 12 will have vlan tag 12) all i see is an option to create software hardware switches, assign interfaces into them and then create vlans. But, doing this forces to use a different subnet than the one i want since i have to give the software hardware switch an ip address.

To make a long story short. Is there a 'right way' to make fortigate 100d 'vlan friendly'? Do yourself a favor and avoid the software switch functionality if at all possible. Using a software switch prevents any functionality from being offloaded to the ASIC chips in your Fortigate.

Which causes performance issues under load. For the situations where I've wanted to use VLANs directly on the FGT, I've used the virtual switch functionality.

Config sys virtual-switch Create the interfaces that you want, including the physical ports you want for each. You'll see these new virtual interfaces appear in your interface list. Then create/edit those new interfaces with your tagging options.

There are some quirks with VLANs on Fortigates. Cause it's not designed to be a L3 switch, but you can usually accomplish what you need. VLAN INFO for 5.4 http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-networking-54/Interfaces/VLANs/VLANs%20in%20NAT%20mode.htm. Do yourself a favor and avoid the software switch functionality if at all possible. Using a software switch prevents any functionality from being offloaded to the ASIC chips in your Fortigate. Which causes performance issues under load.

For the situations where I've wanted to use VLANs directly on the FGT, I've used the virtual switch functionality. Config sys virtual-switch Create the interfaces that you want, including the physical ports you want for each. You'll see these new virtual interfaces appear in your interface list. Then create/edit those new interfaces with your tagging options. There are some quirks with VLANs on Fortigates.