Fortigate Hardware Vs Software Switch

Posted By admin On 15.10.19

A software switch, or soft switch, is a virtual switch that is implemented at the software, or firmware level, rather than the hardware level. A software switch can be used to simplify communication between devices connected to different FortiGate interfaces. For example, using a software switch, you can place the FortiGate interface connected to an internal network on the same subnet as your wireless interfaces.

  • Aug 15, 2014  Interfaces can also be combined by configuring them as part of either hardware or software switches, which allow multiple interfaces to be treated as a single interface. This mode is ideal for complex networks that use different subnets to compartmentalize the network traffic.
  • If the interface is a Hardware Switch, then your FortiGate is in Interface mode. How do you change the mode? If you need to change the mode your FortiGate unit is in, first make sure none of the physical ports that make up the lan or internal interface are referenced in the FortiGate configuration (for example, in a policy or DHCP server).

Physical

FortiGate units have a number of physical ports where you connect ethernet or optical cables. Depending on the model, they can have anywhere from four to 40 physical ports. Some units have a grouping of ports labelled as internal, providing a built-in switch functionality.

In FortiOS, the port names, as labeled on the FortiGate unit, appear in the web-based manager in the Unit Operation widget, found on the Dashboard. They also appear when you are configuring the interfaces, by going to System > Network > Interface. As shown below, the FortiGate-100D (Generation 2) has 22 interfaces.

Two of the physical ports on the FortiGate-100D (Generation 2) are SFP ports. These ports share the numbers 15 and 16 with RJ-45 ports. Because of this, when SFP port 15 is used, RJ-45 port 15 cannot be used, and vice versa. These ports also share the same MAC address.

Configuring the FortiGate-100D ports

Normally the internal interface is configured as a single interface shared by all physical interface connections – a switch. The switch mode feature has two states – switch mode and interface mode. Switch mode is the default mode with only one interface and one address for the entire internal switch. Interface mode enables you to configure each of the internal switch physical interface connections separately. This enables you to assign different subnets and netmasks to each of the internal physical interface connections.

The larger FortiGate units can also include Advanced Mezzanine Cards (AMC), which can provide additional interfaces (Ethernet or optical), with throughput enhancements for more efficient handling of specialized traffic. These interfaces appear in FortiOS as port amc/sw1, amc/sw2 and so on. In the following illustration, the FortiGate-3810A has three AMC cards installed: two single-width (amc/sw1, amc/sw2) and one double-width (amc/dw).

Interface settings

In System > Network > Interface, you configure the interfaces, physical and virtual, for the FortiGate unit. There are different options for configuring interfaces when the FortiGate unit is in NAT mode or transparent mode.


On FortiOS Carrier, you can also enable the Gi gatekeeper on each interface for anti-overbilling.

Interface page

  • Create New: Select to add a new interface, zone or, in transparent mode, port pair. For more information on configuring zones, see Zones. Depending on the model you can add a VLAN interface, a loopback interface, an IEEE 802.3ad aggregated interface, or a redundant interface. When VDOMs are enabled, you can also add Inter-VDOM links.
  • Name: The names of the physical interfaces on your FortiGate unit. This includes any alias names that have been configured. When you combine several interfaces into an aggregate or redundant interface, only the aggregate or redundant interface is listed, not the component interfaces. If you have added VLAN interfaces, they also appear in the name list, below the physical or aggregated interface to which they have been added. If you have added loopback interfaces, they also appear in the interface list, below the physical interface to which they have been added. If you have software switch interfaces configured, you will be able to view them. If your FortiGate unit supports AMC modules, the interfaces are named amc-sw1/1, amc-dw1/2, and so on.
  • Type: The configuration type for the interface.
  • IP/Netmask: The current IP address and netmask of the interface. In VDOM, when VDOMs are not all in NAT or transparent mode, some values may not be available for display and will be displayed as “-”.
  • Access: The administrative access configuration for the interface.
  • Administrative Status: Indicates if the interface can be accessed for administrative purposes. If the administrative status is a green arrow, an administrator could connect to the interface using the configured access. If the administrative status is a red arrow, the interface is administratively down and cannot be accessed for administrative purposes.
  • Link Status: The status of the interface physical connection. Link status can be either up (green arrow) or down (red arrow). If link status is up, the interface is connected to the network and accepting traffic. If link status is down, the interface is not connected to the network or there is a problem with the connection. You cannot change link status from the web-based manager; it is typically indicative of an ethernet cable plugged into the interface. Link status is only displayed for physical interfaces.
  • MAC: The MAC address of the interface.
  • Mode: Shows the addressing mode of the interface. The addressing mode can be manual, DHCP, or PPPoE.
  • Secondary IP: Displays the secondary IP addresses added to the interface.
  • MTU: The maximum number of bytes per transmission unit (MTU) for the interface.
  • Virtual Domain: The virtual domain to which the interface belongs. This column is visible when VDOM configuration is enabled.
  • VLAN ID: The configured VLAN ID for VLAN subinterfaces.

Interface configuration and settings

To configure an interface, go to System > Network > Interface and select Create New.

  • Name: Enter a name of the interface. Physical interface names cannot be changed.
  • Alias: Enter an alternate name for a physical interface on the FortiGate unit. This field appears when editing an existing physical interface. The alias can be a maximum of 25 characters. The alias name will not appear in logs.
  • Link Status: Indicates whether the interface is connected to a network (link status is Up) or not (link status is Down). This field appears when editing an existing physical interface.
  • Type: Select the type of interface that you want to add. On some models you can set Type to 802.3ad Aggregate or Redundant Interface.
  • Interface: Displayed when Type is set to VLAN. Select the name of the physical interface to which to add a VLAN interface. Once created, the VLAN interface is listed below its physical interface in the Interface list. You cannot change the physical interface of a VLAN interface except when adding a new VLAN interface.
  • VLAN ID: Displayed when Type is set to VLAN. Enter the VLAN ID.

Software switch

A software switch, or soft switch, is a virtual switch that is implemented at the software, or firmware level, rather than the hardware level. A software switch can be used to simplify communication between devices connected to different FortiGate interfaces. For example, using a software switch, you can place the FortiGate interface connected to an internal network on the same subnet as your wireless interfaces. Then devices on the internal network can communicate with devices on the wireless network without any additional configuration, such as additional security policies, on the FortiGate unit.

It can also be useful if you require more hardware ports for the switch on a FortiGate unit. For example, if your FortiGate unit has a 4-port switch, WAN1, WAN2 and DMZ interfaces, and you need one more port, you can create a soft switch that can include the 4-port switch and the DMZ interface all on the same subnet. These types of applications also apply to wireless interfaces, virtual wireless interfaces, and physical interfaces such as those with FortiWiFi and FortiAP units.

Similar to a hardware switch, a software switch functions like a single interface. A software switch has one IP address; all of the interfaces in the software switch are on the same subnet. Traffic between devices connected to each interface is not regulated by security policies, and traffic passing in and out of the switch is affected by the same policy.

There are a few things to consider when setting up a software switch:

  • Ensure you create a backup of the configuration.
  • Ensure you have at least one port or connection, such as the console port, to connect to the FortiGate unit. If you accidentally combine too many ports, you will need a way to undo any errors.
  • The ports that you include must not have any link or relation to any other aspect of the FortiGate unit, for example, DHCP servers, security policies, and so on.
  • For increased security, you can create a captive portal for the switch, allowing only specific user groups access to the resources connected to the switch.

To create a software switch - CLI

Replace the angle-bracket placeholders with your own values:

    config system switch-interface
    edit <switch_name>
    set type switch
    set member <interface_list>
    end
    config system interface
    edit <switch_name>
    set ip <ip_address> <netmask>
    set allowaccess https ssh ping
    end
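
The requirement above that member ports must not be referenced elsewhere (DHCP servers, security policies, and so on) can be checked against a configuration backup before the switch is built. The following Python sketch is an added example, not part of the original page or any Fortinet tooling; the sample configuration is constructed, and `REF_KEYS` is an assumed subset of the settings that bind an object to an interface.

```python
import shlex

# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = '''
config system interface
    edit "dmz"
        set ip 10.10.10.1 255.255.255.0
    next
end
config system dhcp server
    edit 1
        set interface "dmz"
    next
end
config firewall policy
    edit 7
        set srcintf "internal" "wifi"
        set dstintf "wan1"
    next
end
'''

# Assumed subset of settings whose values are interface names.
REF_KEYS = {"srcintf", "dstintf", "interface", "associated-interface", "device"}

def find_references(config_text, ports):
    """Return sorted (section, entry, setting, port) tuples that reference a port."""
    wanted = set(ports)
    frames = []   # one [section, current entry] pair per open "config" block
    hits = set()
    for line in config_text.splitlines():
        try:
            tok = shlex.split(line)
        except ValueError:      # fragment of a multi-line quoted value
            continue
        if not tok:
            continue
        word, args = tok[0], tok[1:]
        if word == "config":
            frames.append([" ".join(args), "-"])
        elif word == "end" and frames:
            frames.pop()
        elif word == "edit" and frames and args:
            frames[-1][1] = args[0]
        elif word == "next" and frames:
            frames[-1][1] = "-"
        elif word == "set" and frames and args and args[0] in REF_KEYS:
            section, entry = frames[-1]
            for port in wanted.intersection(args[1:]):
                hits.add((section, entry, args[0], port))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_references(SAMPLE_CONFIG, ["dmz", "internal"]):
        print("still referenced:", hit)
```

An empty result for the intended member ports means none of the scanned settings name them; any tuple returned identifies the section and entry to clean up first.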