Recently I upgraded one of the new Fortigate 80C units to FortiOS 5.0 and could not see the option to change switch mode to interface mode. Finally I did it through the CLI, so let me share how to change switch mode to interface mode in Fortigate FortiOS 5. Usually this option is available in the web interface, under the settings of the network ports, in earlier FortiOS versions such as 4.0 and 3.0. But I couldn’t see it in FortiOS 5.0.
Fortigate is one of the best hardware devices, which can do a lot of things in firewalling, network security, internet proxy, VPN and more. You can find more information about their products, features and more technical details.
I’m not sure whether I have missed the correct place to see the option to change switch mode to interface mode in the FortiOS 5 web interface; anyhow, here is the way to do that in the CLI (Command Line Interface).
Basically, 3 steps are involved in this process.
1) Complete the prerequisites to change the mode
2) Change the mode from Switch mode to interface mode
3) Configure the network and allow access to a particular network port.
1) Prerequisites to change the mode
You must disable the DHCP service on the Fortigate device and remove any policies related to the internal interface.
Below is the Fortigate 80C device in switch mode. All interfaces are combined together as a single ‘internal’ interface. In this case, we can’t have different settings (IPs, policies etc.) for every port on this device.
a) To remove DHCP, click on ‘internal’ and press edit. Deselect the DHCP server check box as shown below.
b) Remove any policies which are related to ‘internal’ port, normally you will find only one policy.
Now we are ready to change the mode.
2) Changing from Switch mode to interface mode.
As said earlier, we should use the CLI to complete this task. Use a serial cable and any telnet client software for this purpose. If you like to use built in
Log in with the default credentials: the username is admin and there is no password.
Type the following command:
    config system global
        set internal-switch-mode interface
    end
Once the device is rebooted, it will not have any network settings. Therefore, we must configure an IP address and allowed access (http or https) on a particular network port, which can then be reached later through a network cable and an internet browser.
3) Configure the network and allow access to a network port
Earlier we changed switch mode to interface mode. Now the device has a number of individual network ports, each of which can have its own settings and policies. After the mode change these ports have no settings, not even a default IP address. Use the same CLI to configure an IP address and allow http or https access on a particular network port so that it can be accessed via the network.
The following video explains it well.
To configure the access (the example below shows how to allow https and http access on a particular port; replace <port-name> with the name of the port you are configuring):
    config system interface
        edit <port-name>
            set allowaccess http https
    end
With the above three steps you should be able to change your Fortigate device from switch mode to interface mode in FortiOS 5 using the CLI. This will enable you to have separate settings and configurations for every network port.
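An added example (not from the original post or from Fortinet): a short Python check that reads a saved configuration backup and lists the objects that still reference the ‘internal’ interface (the DHCP server and policies from step 1), plus any interface whose allowaccess includes a cleartext protocol such as the http enabled in step 3. The sample backup is constructed, and the function names are assumptions of this example.

```python
import shlex

CLEARTEXT = {"http", "telnet"}  # admin protocols sent unencrypted

# Constructed sample backup for illustration, not taken from a real device.
SAMPLE = """
config system interface
    edit "internal"
        set allowaccess ping https http
    next
end
config system dhcp server
    edit 1
        set interface "internal"
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
    next
end
"""

def parse(text):
    """Yield (section, entry, key, values) for each 'set' line."""
    stack = []  # one [section name, current 'edit' entry] pair per open 'config'
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok or (tok[0] != "config" and not stack):
            continue
        if tok[0] == "config":
            stack.append([" ".join(tok[1:]), None])
        elif tok[0] == "edit":
            stack[-1][1] = tok[1]
        elif tok[0] == "next":
            stack[-1][1] = None
        elif tok[0] == "end":
            stack.pop()
        elif tok[0] == "set":
            yield stack[-1][0], stack[-1][1], tok[1], tok[2:]

def dependencies(text, iface="internal"):
    """Objects whose settings still name iface (step 1 prerequisites)."""
    return [(s, e, k) for s, e, k, v in parse(text) if iface in v]

def cleartext_admin(text):
    """Map interface name -> cleartext protocols enabled in allowaccess."""
    return {e: sorted(CLEARTEXT & set(v)) for s, e, k, v in parse(text)
            if s == "system interface" and k == "allowaccess" and CLEARTEXT & set(v)}
```

shlex.split raises ValueError on lines with unbalanced quotes, such as multi-line certificate blocks, so skip those sections when feeding in a full backup.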
Description: How to change from switch mode to interface mode.

Components:

Steps or Commands

Issue

The models listed above allow you to change the Internal interface from 1 interface (called switch mode) to multiple (*) separate interfaces (called interface mode). When changing between modes, the name of the internal interface can cause an error that prevents the change from happening.

(*) The number of separate interfaces available when changing to interface mode depends on the FortiGate model. For example, the FortiGate-200A will provide 4 separate interfaces, the FortiGate-60B / FortiWifi-60B / FortiGate-80C provide 6 separate interfaces, the FortiGate Voice-80C / FortiGate-110C provide 8 separate interfaces.

Solution

The rename command used in this solution is only applicable up to and including FortiOS v4.0 MR1.

Change the name of the internal interface using the CLI before changing the mode. This will avoid the error, and allow the change to happen properly.

Before changing the mode from switch to interface:

Before changing the mode from interface to switch:

Please also check the related article "Troubleshooting Tip : Error message 'Interface switch is in use' or 'Interface internal is in use' or 'Entry is used' when changing internal-switch-mode"
we are looking at all dependencies for the interface called "internal"
Reposted from: http://ychvi.baihongyu.com/