{"id":2259,"date":"2022-06-22T22:46:17","date_gmt":"2022-06-22T20:46:17","guid":{"rendered":"https:\/\/itsimple.info\/?p=2259"},"modified":"2022-06-22T22:46:19","modified_gmt":"2022-06-22T20:46:19","slug":"how-to-change-fortigate-switch-mode","status":"publish","type":"post","link":"https:\/\/itsimple.info\/?p=2259","title":{"rendered":"How To change Fortigate Switch mode"},"content":{"rendered":"\n

Solution<\/strong>
In 5.2 the port configuration could be changed by using the following commands:<\/p>\n\n\n\n

1) Command to change the FortiGate to switch mode:
config system global<\/em>
   set internal-switch-mode switch<\/em>
end<\/em><\/p>\n\n\n\n

2) Command to change the FortiGate to interface mode:<\/p>\n\n\n\n

config system global<\/em>
   set internal-switch-mode interface<\/em>
end<\/em><\/p><\/blockquote>\n\n\n\n

After this change the unit had to be rebooted and instead of a combined \u201cinternal\u201d switch the unit showed individual ports.<\/p>\n\n\n\n

In 5.4 the commands have been changed.<\/p>\n\n\n\n

In 5.4 some of the configuration modules were removed and changed. If you upgraded your unit with switch mode interface, the configuration is adapted.<\/p>\n\n\n\n

However, with factory resets or brand new units the default setting is that all ports are in the hardware switch.<\/p>\n\n\n\n

In order to have separate ports instead of running them in a switch, the configuration changes can be made as follows for new or factory reset units.<\/p>\n\n\n\n

Step 1 – Remove all policies referencing \u201cinternal\u201d or \u201clan\u201d.<\/p>\n\n\n\n

FWF90D3Z13xxxxxx (policy) # show<\/em>
config firewall policy<\/em>
    edit 1<\/em>
        set uuid 1dac0956-0e3f-51e7-9b91-b653bdf8af55<\/em>
        set srcintf “lan”<\/em>
        set dstintf “wan1”<\/em>
        set srcaddr “all”<\/em>
        set dstaddr “all”<\/em>
        set action accept<\/em>
        set schedule “always”<\/em>
        set service “ALL”<\/em>
        set nat enable<\/em>
    next<\/em>
end<\/em>

FWF90D3Z13xxxxxx (policy) # purge    —-{ Caution! This will remove all policies<\/em>
This operation will clear all table!<\/em>
Do you want to continue? (y\/n)y<\/em><\/p><\/blockquote>\n\n\n\n

Step 2 (For WiFi units only) – Remove “internal” from software switch interface “lan”.<\/p>\n\n\n\n

FWF90D3Z13xxxxxx # config system switch-interface<\/em>
FWF90D3Z13xxxxxx (switch-interface) # edit lan<\/em>
FWF90D3Z13xxxxxx (lan) # show<\/em>
config system switch-interface<\/em>
    edit “lan”<\/em>
        set vdom “root”<\/em>
        set member “wifi” “internal”<\/em>
    next<\/em>
end<\/em>
FWF90D3Z13xxxxxx (lan) # set member wifi<\/em>
FWF90D3Z13xxxxxx (lan) # end<\/em>

FWF90D3Z13xxxxxx (switch-interface) # show<\/em>
config system switch-interface<\/em>
    edit “lan”<\/em>
        set vdom “root”<\/em>
        set member “wifi”<\/em>
    next<\/em>
end<\/em><\/p><\/blockquote>\n\n\n\n

Step 3 \u2013 Remove all (or individual ports) from the virtual switch.<\/p>\n\n\n\n

FWF90D3Z13xxxxxx # config system virtual-switch<\/em>
FWF90D3Z13xxxxxx (virtual-switch) # show<\/em>
config system virtual-switch<\/em>
    edit “internal”<\/em>
        set physical-switch “sw0”<\/em>
        config port<\/em>
            edit “internal1”<\/em>
            next<\/em>
            edit “internal2”<\/em>
            next<\/em>
            edit “internal3”<\/em>
            next<\/em>
            edit “internal4”<\/em>
            next<\/em>
            edit “internal5”<\/em>
            next<\/em>
            edit “internal6”<\/em>
            next<\/em>
            edit “internal7”<\/em>
            next<\/em>
            edit “internal8”<\/em>
            next<\/em>
            edit “internal9”<\/em>
            next<\/em>
            edit “internal10”<\/em>
            next<\/em>
            edit “internal11”<\/em>
            next<\/em>
            edit “internal12”<\/em>
            next<\/em>
            edit “internal13”<\/em>
            next<\/em>
            edit “internal14”<\/em>
            next<\/em>
        end<\/em>
    next<\/em>
end<\/em>

FWF90D3Z13xxxxxx (virtual-switch) # purge    —-{ Caution! This will remove all ports.<\/em>
This operation will clear all table!<\/em>
Do you want to continue? (y\/n)y<\/em><\/p><\/blockquote>\n\n\n\n

If only remove some ports are to be removed from the switch, instead of \u201cpurge\u201d enter:<\/em><\/em><\/p>\n\n\n\n

FWF90D3Z13xxxxxx # config system virtual-switch<\/em>
FWF90D3Z13xxxxxx (internal) # config port<\/em>
FWF90D3Z13xxxxxx (port) # <\/em>
FWF90D3Z13xxxxxx (port) # delete internal1<\/em>
FWF90D3Z13xxxxxx (port) # end<\/em><\/p><\/blockquote>\n\n\n\n

After removing the ports from the hardware switch the configuration of policies, routes and interface settings for each port can be completed.<\/p>\n\n\n\n

Good Luck<\/p><\/blockquote><\/figure>\n","protected":false},"excerpt":{"rendered":"

SolutionIn 5.2 the port configuration could be changed by using the following commands: 1) Command to change the FortiGate to switch mode:config system global   set internal-switch-mode switchend 2) Command to change the FortiGate to interface mode: config system global   set internal-switch-mode interfaceend After this change the unit had to be rebooted and instead of a […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,12],"tags":[],"class_list":["post-2259","post","type-post","status-publish","format-standard","hentry","category-tech","category-tutorials"],"_links":{"self":[{"href":"https:\/\/itsimple.info\/index.php?rest_route=\/wp\/v2\/posts\/2259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/itsimple.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/itsimple.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/itsimple.info\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/itsimple.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2259"}],"version-history":[{"count":0,"href":"https:\/\/itsimple.info\/index.php?rest_route=\/wp\/v2\/posts\/2259\/revisions"}],"wp:attachment":[{"href":"https:\/\/itsimple.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/itsimple.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/itsimple.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}