Setting Up Fortigate Interface Mode and Soft-Switch

Often times it is advantageous to divide up the internal swtich into individual interfaces.  Reasons for doing this include additioanl hardware port for routing, or additional ports to implement one-arm sniffers.  The following are some of the commands necessary to accomplish this.

To put a FortiGate in Interface mode:

config system global
set internal-switch-mode interface

To create a software-switch

config system switch-interface
edit name (example SW1-3)
set member internal1 internal2 internal3 (the names may be different depending on firmware and model,  you can use the tab key to scroll through valid names)..
set vdom root

To assign an IP address and management access to the software-switch

config system interface
edit SW1-3
set ip address and mask (example
set allowaccess ping https ssh

For IT Support and InfoSec services in the Dayton, Ohio area please visit our web site at


Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: