Physical ports
FortiGate has several physical ports that you can connect Ethernet or optical cables to. Depending on the FortiGate model, it can have between 4 and 40 physical ports. Some units have a grouping of ports labeled as lan, that provide built-in switch functionality.
The port names, as labeled on the FortiGate, appear in the FortiGate GUI when you configure the interfaces in Network > Interfaces. You can hover over the ports to see information about each port, such as the name of the port and the IP address. For example, the following diagram shows the 22 interfaces of the FortiGate 100 D (Generation 2) as they appear in the dashboard in the FortiGate GUI.
Two of the physical ports on the FortiGate 100D (Generation 2) are SFP ports. These ports share the numbers 15 and 16 with RJ-45 ports. Because of this, when SFP port 15 is used, RJ-45 port 15 can't be used, and vice versa. These ports also share the same MAC address.
Configuring the FortiGate 100D ports
Normally, you can configure the internal interface as a single interface that's shared by all physical interface connections (a switch). The switch mode feature has two states: switch mode and interface mode. Switch mode is the default mode, with only one interface and one address for the entire internal switch. Interface mode allows you to configure each of the physical interface connections of the internal switch separately. This allows you to assign different subnets and netmasks to each of the internal physical interface connections.
The larger FortiGate models may also include Advanced Mezzanine Cards (AMC), which can provide additional interfaces (Ethernet or optical), with throughput enhancements for more efficient handling of specialized traffic. These interfaces appear in FortiOS as port amc/sw1, amc/sw2, and so on.
Displaying information about the status of transceivers
You can display information about the status of transceivers installed in FortiGate SFP/SFP+ interfaces, in the FortiGate CLI.
The get system interface transceiver
command lists all of the SFP/SFP+ interfaces on FortiGate. If the interfaces include transceivers, the command output displays information about them, such as the vendor name, part number, and serial number. It also includes details about transceiver operation, such as temperature, voltage, and optical transmission power, which you can use to diagnose transmission problems.
The following example shows an output from using this command:
get system interface transceiver ... Interface port14 - Transceiver is not detected. Interface port15 - SFP/SFP+ Vendor Name : FIBERXON INC. Part No. : FTM-8012C-SLG Serial No. : 101680071708917 Interface port16 - SFP/SFP+ Vendor Name : FINISAR CORP. Part No. : FCLF-8521-3 Serial No. : PS62ENQ Optical Optical Optical SFP/SFP+ Temperature Voltage Tx Bias Tx Power Rx Power Interface (Celsius) (Volts) (mA) (dBm) (dBm) ------------ ------------ ------------ ------------ ------------ ------------ port15 N/A N/A N/A N/A N/A port16 N/A N/A N/A N/A N/A ++ : high alarm, + : high warning, - : low warning, -- : low alarm, ? : suspect.
You can use this command on most FortiGate models that have SFP/SFP+ interfaces.
Split port support
The 5001D 40 GB can be split into 4 10 GB ports.You can do this through a combination of hardware and software configuration. You use a specific 40 GB connector to connect to the 40 GB port and typically, the other end of the fibre optic cable connects to another 40 GB port. However, you can use a special cable that is a single 40 GB connector at one end and 4 10 GB connections at the other end. To use this setup, you also have to configure the port to be a split port.
To configure split port support - CLI:
config system global
set port-split port1 port2
end
The ports will be checked to make sure that they aren't in use or referenced by other policy configurations. If they are in use, the command is aborted. Changing the port to be a split port requires a system reboot.