Fortinet black logo

Handbook

Physical ports

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:518944
Download PDF

Physical ports

FortiGate has several physical ports that you can connect Ethernet or optical cables to. Depending on the FortiGate model, it can have between 4 and 40 physical ports. Some units have a grouping of ports labeled as lan, that provide built-in switch functionality.

The port names, as labeled on the FortiGate, appear in the FortiGate GUI when you configure the interfaces in Network > Interfaces. You can hover over the ports to see information about each port, such as the name of the port and the IP address. For example, the following diagram shows the 22 interfaces of the FortiGate 100 D (Generation 2) as they appear in the dashboard in the FortiGate GUI.

Two of the physical ports on the FortiGate 100D (Generation 2) are SFP ports. These ports share the numbers 15 and 16 with RJ-45 ports. Because of this, when SFP port 15 is used, RJ-45 port 15 can't be used, and vice versa. These ports also share the same MAC address.

Configuring the FortiGate 100D ports

Normally, you can configure the internal interface as a single interface that's shared by all physical interface connections (a switch). The switch mode feature has two states: switch mode and interface mode. Switch mode is the default mode, with only one interface and one address for the entire internal switch. Interface mode allows you to configure each of the physical interface connections of the internal switch separately. This allows you to assign different subnets and netmasks to each of the internal physical interface connections.

The larger FortiGate models may also include Advanced Mezzanine Cards (AMC), which can provide additional interfaces (Ethernet or optical), with throughput enhancements for more efficient handling of specialized traffic. These interfaces appear in FortiOS as port amc/sw1, amc/sw2, and so on.

Displaying information about the status of transceivers

You can display information about the status of transceivers installed in FortiGate SFP/SFP+ interfaces, in the FortiGate CLI.

The get system interface transceiver command lists all of the SFP/SFP+ interfaces on FortiGate. If the interfaces include transceivers, the command output displays information about them, such as the vendor name, part number, and serial number. It also includes details about transceiver operation, such as temperature, voltage, and optical transmission power, which you can use to diagnose transmission problems.

The following example shows an output from using this command:

get system interface transceiver
...
Interface port14 - Transceiver is not detected.
Interface port15 - SFP/SFP+
  Vendor Name  :            FIBERXON INC.  
  Part No.     :            FTM-8012C-SLG  
  Serial No.   :            101680071708917
Interface port16 - SFP/SFP+
  Vendor Name  :            FINISAR CORP.  
  Part No.     :            FCLF-8521-3    
  Serial No.   :            PS62ENQ         

                                       Optical      Optical      Optical
SFP/SFP+     Temperature  Voltage      Tx Bias      Tx Power     Rx Power
Interface    (Celsius)    (Volts)      (mA)         (dBm)        (dBm)
------------ ------------ ------------ ------------ ------------ ------------ 
port15        N/A          N/A          N/A          N/A          N/A
port16        N/A          N/A          N/A          N/A          N/A
  ++ : high alarm, + : high warning, - : low warning, -- : low alarm, ? : suspect.

You can use this command on most FortiGate models that have SFP/SFP+ interfaces.

Split port support

The 5001D 40 GB can be split into 4 10 GB ports.You can do this through a combination of hardware and software configuration. You use a specific 40 GB connector to connect to the 40 GB port and typically, the other end of the fibre optic cable connects to another 40 GB port. However, you can use a special cable that is a single 40 GB connector at one end and 4 10 GB connections at the other end. To use this setup, you also have to configure the port to be a split port.

To configure split port support - CLI:

config system global

set port-split port1 port2

end

The ports will be checked to make sure that they aren't in use or referenced by other policy configurations. If they are in use, the command is aborted. Changing the port to be a split port requires a system reboot.

Physical ports

FortiGate has several physical ports that you can connect Ethernet or optical cables to. Depending on the FortiGate model, it can have between 4 and 40 physical ports. Some units have a grouping of ports labeled as lan, that provide built-in switch functionality.

The port names, as labeled on the FortiGate, appear in the FortiGate GUI when you configure the interfaces in Network > Interfaces. You can hover over the ports to see information about each port, such as the name of the port and the IP address. For example, the following diagram shows the 22 interfaces of the FortiGate 100 D (Generation 2) as they appear in the dashboard in the FortiGate GUI.

Two of the physical ports on the FortiGate 100D (Generation 2) are SFP ports. These ports share the numbers 15 and 16 with RJ-45 ports. Because of this, when SFP port 15 is used, RJ-45 port 15 can't be used, and vice versa. These ports also share the same MAC address.

Configuring the FortiGate 100D ports

Normally, you can configure the internal interface as a single interface that's shared by all physical interface connections (a switch). The switch mode feature has two states: switch mode and interface mode. Switch mode is the default mode, with only one interface and one address for the entire internal switch. Interface mode allows you to configure each of the physical interface connections of the internal switch separately. This allows you to assign different subnets and netmasks to each of the internal physical interface connections.

The larger FortiGate models may also include Advanced Mezzanine Cards (AMC), which can provide additional interfaces (Ethernet or optical), with throughput enhancements for more efficient handling of specialized traffic. These interfaces appear in FortiOS as port amc/sw1, amc/sw2, and so on.

Displaying information about the status of transceivers

You can display information about the status of transceivers installed in FortiGate SFP/SFP+ interfaces, in the FortiGate CLI.

The get system interface transceiver command lists all of the SFP/SFP+ interfaces on FortiGate. If the interfaces include transceivers, the command output displays information about them, such as the vendor name, part number, and serial number. It also includes details about transceiver operation, such as temperature, voltage, and optical transmission power, which you can use to diagnose transmission problems.

The following example shows an output from using this command:

get system interface transceiver
...
Interface port14 - Transceiver is not detected.
Interface port15 - SFP/SFP+
  Vendor Name  :            FIBERXON INC.  
  Part No.     :            FTM-8012C-SLG  
  Serial No.   :            101680071708917
Interface port16 - SFP/SFP+
  Vendor Name  :            FINISAR CORP.  
  Part No.     :            FCLF-8521-3    
  Serial No.   :            PS62ENQ         

                                       Optical      Optical      Optical
SFP/SFP+     Temperature  Voltage      Tx Bias      Tx Power     Rx Power
Interface    (Celsius)    (Volts)      (mA)         (dBm)        (dBm)
------------ ------------ ------------ ------------ ------------ ------------ 
port15        N/A          N/A          N/A          N/A          N/A
port16        N/A          N/A          N/A          N/A          N/A
  ++ : high alarm, + : high warning, - : low warning, -- : low alarm, ? : suspect.

You can use this command on most FortiGate models that have SFP/SFP+ interfaces.

Split port support

The 5001D 40 GB can be split into 4 10 GB ports.You can do this through a combination of hardware and software configuration. You use a specific 40 GB connector to connect to the 40 GB port and typically, the other end of the fibre optic cable connects to another 40 GB port. However, you can use a special cable that is a single 40 GB connector at one end and 4 10 GB connections at the other end. To use this setup, you also have to configure the port to be a split port.

To configure split port support - CLI:

config system global

set port-split port1 port2

end

The ports will be checked to make sure that they aren't in use or referenced by other policy configurations. If they are in use, the command is aborted. Changing the port to be a split port requires a system reboot.