Fortinet black logo

Handbook

Soft switch example

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:207399
Download PDF

Soft switch example

For this example, the wireless interface (Wi-Fi) needs to be on the same subnet as the DMZ1 interface to facilitate wireless syncing from an iPhone and a local computer. The synching between two subnets is problematic. By putting both interfaces on the same subnet, the synching will work. The software switch will accomplish this.

In this example, the soft switch includes a wireless interface. Remember to configure any wireless security before proceeding. If you leave this interface open without any password or other security, it leaves open access to not only the wireless interface but to any other interfaces and devices connected within the software switch.

Clear the interfaces and back up the configuration

First, ensure that the interfaces aren't being used with any other security policy or other use on the FortiGate. Check the Wi-Fi and DMZ1 ports to ensure that DHCP isn't enabled on the interface and there are no other dependencies with these interfaces.

Next, save the current configuration. In the event that something doesn't work, recovery can be quick.

Merge the interfaces

The plan is to merge the Wi-Fi port and DMZ1 port. This will create a software switch with a name of “synchro” with an IP address of 10.10.21.12. The following steps will create the switch, add the IP address and set administrative access for HTTPS, SSH, and Ping.

To merge the interfaces – CLI

config system switch-interface

edit synchro

set type switch

set member dmz1 wifi

next

end

config system interface

edit synchro

set ip 10.10.21.12

set allowaccess https ssh ping

next

end

Final steps

With the switch set up, you can add security policies, DHCP servers, and any other configuration that you would normally do to configure interfaces on the FortiGate.

Soft switch example

For this example, the wireless interface (Wi-Fi) needs to be on the same subnet as the DMZ1 interface to facilitate wireless syncing from an iPhone and a local computer. The synching between two subnets is problematic. By putting both interfaces on the same subnet, the synching will work. The software switch will accomplish this.

In this example, the soft switch includes a wireless interface. Remember to configure any wireless security before proceeding. If you leave this interface open without any password or other security, it leaves open access to not only the wireless interface but to any other interfaces and devices connected within the software switch.

Clear the interfaces and back up the configuration

First, ensure that the interfaces aren't being used with any other security policy or other use on the FortiGate. Check the Wi-Fi and DMZ1 ports to ensure that DHCP isn't enabled on the interface and there are no other dependencies with these interfaces.

Next, save the current configuration. In the event that something doesn't work, recovery can be quick.

Merge the interfaces

The plan is to merge the Wi-Fi port and DMZ1 port. This will create a software switch with a name of “synchro” with an IP address of 10.10.21.12. The following steps will create the switch, add the IP address and set administrative access for HTTPS, SSH, and Ping.

To merge the interfaces – CLI

config system switch-interface

edit synchro

set type switch

set member dmz1 wifi

next

end

config system interface

edit synchro

set ip 10.10.21.12

set allowaccess https ssh ping

next

end

Final steps

With the switch set up, you can add security policies, DHCP servers, and any other configuration that you would normally do to configure interfaces on the FortiGate.