Often times it is advantageous to divide up the internal swtich into individual interfaces. Reasons for doing this include additioanl hardware port for routing, or additional ports to implement one-arm sniffers. The following are some of the commands necessary to accomplish this.
To put a FortiGate in Interface mode:
config system global
set internal-switch-mode interface
To create a software-switch
config system switch-interface
edit name (example SW1-3)
set member internal1 internal2 internal3 (the names may be different depending on firmware and model, you can use the tab key to scroll through valid names)..
set vdom root
To assign an IP address and management access to the software-switch
config system interface
set ip address and mask (example 192.168.1.1 255.255.255.0)
set allowaccess ping https ssh
For IT Support and InfoSec services in the Dayton, Ohio area please visit our web site at www.quanexus.com