Soft switch example
For this example, the wireless interface (Wi-Fi) needs to be on the same subnet as the DMZ1 interface to facilitate wireless syncing from an iPhone and a local computer. The synching between two subnets is problematic. By putting both interfaces on the same subnet, the synching will work. The software switch will accomplish this.
In this example, the soft switch includes a wireless interface. Remember to configure any wireless security before proceeding. If you leave this interface open without any password or other security, it leaves open access to not only the wireless interface but to any other interfaces and devices connected within the software switch.
Clear the interfaces and back up the configuration
First, ensure that the interfaces aren't being used with any other security policy or other use on the FortiGate. Check the Wi-Fi and DMZ1 ports to ensure that DHCP isn't enabled on the interface and there are no other dependencies with these interfaces.
Next, save the current configuration. In the event that something doesn't work, recovery can be quick.
Merge the interfaces
The plan is to merge the Wi-Fi port and DMZ1 port. This will create a software switch with a name of “synchro” with an IP address of 10.10.21.12. The following steps will create the switch, add the IP address and set administrative access for HTTPS, SSH, and Ping.
To merge the interfaces – CLI
config system switch-interface
edit synchro
set type switch
set member dmz1 wifi
next
end
config system interface
edit synchro
set ip 10.10.21.12
set allowaccess https ssh ping
next
end
Final steps
With the switch set up, you can add security policies, DHCP servers, and any other configuration that you would normally do to configure interfaces on the FortiGate.