Configuring network interfaces
The network interfaces that are bound to physical ports have three uses:
- Management—Ports mgmt1 and mgmt2 are management interfaces. Management interfaces are used for administrator connections and to send management traffic, like syslog and SNMP traffic. Typically, administrators use mgmt1 for the management interface.
- HA—If you plan to deploy HA, you must select a physical port for HA heartbeat and synchronization traffic. Typically, administrators use mgmt2 for the HA interface.
- Traffic—The remaining physical ports can be used for your target traffic—these are your “traffic interfaces.” The FortiDDoS system is deployed inline (between the Internet and your local network resources). Consecutively numbered ports belong to port pairs: Use an odd port numbers (1, 3, 5, and so on) for the LAN-side connection and an even port number (2, 4, 6, and so on) for the WAN-side connection. For example, port1 and port2 are a pair. The port1 interface is connected to a switch that connects servers in the local network; the port2 interface is connected to the network path that receives traffic from the Internet.
By default, 1000Base-T copper ports use auto-negotiation to determine the connection speed.
See Appendix G: SFP Compatibility Reference for more information.
Network interface status page
Management interfaces settings page
Network interface configuration guidelines
Settings | Guidelines |
---|---|
Name | Network interface name (assigned by system – non-editable) |
Speed | Auto only. |
Logical Name | Any description (maximum 15 characters) which provides more information about the network interface. |
IPv4/Netmask | Management interfaces only. Specify the IP address and CIDR-formatted subnet mask, separated by a forward slash ( / ), such as 192.0.2.5/24. Dotted quad formatted subnet masks are not accepted. |
IPv6/Prefix | Management interfaces only. Specify the IP address and CIDR-formatted subnet mask, separated by a forward slash ( / ), such as 2001:0db8:85a3:::8a2e:0370:7334/64. Dotted quad formatted subnet masks are not accepted. |
Administrative Access | Management interfaces only. Allow inbound service traffic. Select from the following options:
Note: We recommend you to enable administrative access only on network interfaces connected to trusted private networks or directly to your management computer. SNMP, Telnet and SQL should be used with care. |
Configured Status | This indicator displays Port Configured State up/down as set by the user. This state can only be changed via CLI. |
Link Status | The Link Status indicators on the Interface Configuration page display the connectivity status. A green indicator means that the link is connected and negotiation was successful. A red indicator means that the link is not connected or is down. |
Note: Settings for speed, duplex, etc. cannot be changed for mgmt1 and mgmt2. The only settings allowed to be changed are:
|
CLI commands for management ports Modifying settings: config system interface edit {mgmt1|mgmt2} set speed {auto|10half|10full|100half|100full|1000half|1000full} set status {up|down} set ip <address_ipv4> <netmask_ipv4mask> set ipv6 <address_ipv6> <netmask_ipv6mask> set logicalname {string – 16 characters a-Z, 0-9, “-“, “_”} set allowaccess {https ping ssh snmp http telnet sql} set mode {static|dhcp} set mtu end Confirming settings:
config system interface edit {mgmt1|mgmt2} show end |
CLI commands for data ports Modifying settings: config system interface edit {portX} (X=1-8|1-16 depending on model) set logicalname {string – 16 characters a-Z, 0-9, “-“, “_”} set status {up|down} end Confirming settings:
config system interface edit {portX} (X=1-8|1-16 depending on model) show end |