FortiGate
cborgato_FTNT
Article Id 194100

Description

This article shows how to configure the internal switch on v5.4 entry-level devices.

The internal switch configuration changed between v5.2 and v5.4. This article provides the configuration changes for the FWF-30E model. The first step is mandatory for the FWF-30E; the remaining steps should be the same for all entry-level D and E models.


Solution

After a factory reset on v5.4, the internal switch interface configuration looks as follows.


Switch-interface
FWF30E # show system switch-interface
config system switch-interface
    edit "internal"
        set vdom "root"
        set member "wifi" "lan"
    next
end

Virtual-switch
FWF30E # show system virtual-switch
config system virtual-switch
    edit "lan"
        set physical-switch "sw0"
        config port
            edit "lan1"
            next
            edit "lan2"
            next
            edit "lan3"
            next
            edit "lan4"
            next
        end
    next
end

Interfaces (only the ones of interest have been shown)
FWF30E # show system interface
config system interface
    edit "lan"
        set vdom "root"
        set type hard-switch
        set stp enable
        set snmp-index 4
    next
    edit "wifi"
        set vdom "root"
        set type vap-switch
        set role lan
        set snmp-index 5
    next
    edit "internal"
        set vdom "root"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh http fgfm capwap
        set type switch
        set listen-forticlient-connection enable
        set role lan
        set snmp-index 6
    next
end


Step 1

Check and remove the virtual-switch “lan” from switch-interface (this is mandatory for the FWF-30E).
FWF30E # config system switch-interface
FWF30E (switch-interface) # edit "internal"
FWF30E (internal) # show
FWF30E (internal) # set member wifi
FWF30E (internal) # show
config system switch-interface
    edit "internal"
        set vdom "root"
        set member "wifi"
    next
end
FWF30E (internal) # end

Step 2

Delete the virtual-switch interface.
FWF30E # config system virtual-switch
FWF30E (virtual-switch) # show
FWF30E (virtual-switch) # delete lan
FWF30E (virtual-switch) # show
config system virtual-switch
end
FWF30E (virtual-switch) # end

Step 3

Check that there are now four separate physical interfaces, lan1 to lan4 (only the ones of interest are shown).
FWF30E # show system interface
config system interface
    edit "lan4"
        set vdom "root"
        set type physical
        set snmp-index 8
    next
    edit "lan3"
        set vdom "root"
        set type physical
        set snmp-index 9
    next
    edit "lan2"
        set vdom "root"
        set type physical
        set snmp-index 10
    next
    edit "lan1"
        set vdom "root"
        set type physical
        set snmp-index 4
    next
end
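
To confirm that Steps 1 to 3 took effect, the same three checks can be run over a saved configuration or a pasted CLI session. The Python below is an added example, not part of the original article or Fortinet code; parse_config, check_split and FACTORY_DEFAULT are hypothetical names, and the sample text is constructed from the listings above.

```python
import shlex

# Constructed sample, trimmed from the factory-default listings above.
FACTORY_DEFAULT = '''
config system switch-interface
    edit "internal"
        set member "wifi" "lan"
    next
end
config system virtual-switch
    edit "lan"
        config port
            edit "lan1"
            next
        end
    next
end
'''

def parse_config(text):
    """Return {section: {entry: {option: [values]}}} for top-level config blocks."""
    sections, depth, section, entry = {}, 0, None, None
    for line in text.splitlines():
        tok = shlex.split(line) or [None]
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # nested blocks such as "config port" are skipped
                section, entry = sections.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "end":
            depth = max(depth - 1, 0)
        elif depth == 1 and tok[0] == "edit":
            entry = section.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return sections

def check_split(text, ports=("lan1", "lan2", "lan3", "lan4")):
    """List which of Steps 1-3 are not yet reflected in the configuration text."""
    cfg, problems = parse_config(text), []
    if "lan" in cfg.get("system switch-interface", {}).get("internal", {}).get("member", []):
        problems.append('Step 1: "lan" is still a member of switch-interface "internal"')
    if cfg.get("system virtual-switch"):
        problems.append("Step 2: virtual-switch entries remain: " + ", ".join(cfg["system virtual-switch"]))
    for port in ports:
        if cfg.get("system interface", {}).get(port, {}).get("type") != ["physical"]:
            problems.append(f"Step 3: {port} is not a physical interface")
    return problems

if __name__ == "__main__":
    print("\n".join(check_split(FACTORY_DEFAULT)))
```

An empty list from check_split means all three steps are reflected in the text; lines that are not config, edit, set or end (such as CLI prompts) are ignored.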

 

Related Articles

Technical Note: Comparison of FortiGate Switch Mode configs between v5.2 and v5.4

Troubleshooting Tip: Error message "Interface switch is in use" or "Interface internal is in use" or...
