Handbook

6.0.0

Software switch

A software switch, or soft switch, is a virtual switch that's implemented at the software, or firmware, level rather than the hardware level. You can use a software switch to simplify communication between devices connected to different FortiGate interfaces. For example, using a software switch, you can place the FortiGate interface connected to an internal network on the same subnet as your wireless interfaces. Then, devices on the internal network can communicate with devices on the wireless network without you having to do more configuration, such as configuring additional security policies, on the FortiGate.

A software switch can also be useful if you require more hardware ports for the switch on a FortiGate. For example, if your FortiGate device has a 4-port switch and WAN1, WAN2, and DMZ interfaces, and you need another port, you can create a soft switch that includes the 4-port switch and the DMZ interface, all on the same subnet. These applications also apply to wireless interfaces, virtual wireless interfaces, and physical interfaces, such as the interfaces on FortiWiFi and FortiAP devices.

Similar to a hardware switch, a software switch functions as a single interface. A software switch has one IP address and all of the interfaces on the software switch are on the same subnet. Traffic between devices connected to each interface isn't regulated by security policies, and traffic passing in and out of the switch is affected by the same policy.

You should consider the following items when you set up a software switch:

  • Create a backup of the configuration.
  • Make sure that you have at least one port or connection, such as the console port, to connect to the FortiGate. If you combine too many ports, you won't have a way to undo any errors.
  • The ports that you include must not have any link or relation to any other aspect of the FortiGate, such as DHCP servers, security policies, and so on.
  • For increased security, you can create a captive portal for the switch, and allow only specific user groups to access the resources connected to the switch.
  • To add an interface to a software switch, the existing configuration can't reference the interface. Its IP address must be set to 0.0.0.0/0.0.0.0.

To create a software switch – CLI

config system switch-interface
    edit <switch_name>
        set type switch
        set member <interface_list>
    next
end

config system interface
    edit <switch_name>
        set ip <ip_address>
        set allowaccess https ssh ping
    next
end
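
The checklist above says a member interface must have its IP set to 0.0.0.0/0.0.0.0 and must not be referenced anywhere else in the configuration. The following is an added example, not Fortinet code: a pre-flight check that scans a configuration backup for both conditions before you run the commands above. The sample backup, the interface names, and the function names are constructed for illustration.

```python
import shlex

# Constructed sample backup (not from a real device); interface names are made up.
SAMPLE = '''
config system interface
    edit "internal"
        set ip 0.0.0.0 0.0.0.0
    next
    edit "dmz"
        set ip 10.10.10.1 255.255.255.0
    next
end
config system dhcp server
    edit 1
        set interface "dmz"
    next
end
config firewall policy
    edit 7
        set srcintf "dmz"
    next
end
'''

def parse_sets(text):
    """Yield (top-level section, entry, key, values); single-line values only."""
    stack, entry = [], None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]      # blank lines match no keyword
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and len(stack) == 1:
            entry = tok[1]
        elif tok[0] == "set" and stack:
            yield stack[0], entry, tok[1], tok[2:]

def preflight(text, members):
    """Map each candidate member to the reasons it cannot join a switch yet."""
    problems = {m: [] for m in members}
    for section, entry, key, values in parse_sets(text):
        own = entry if section == "system interface" else None
        if own in problems and key == "ip" and values != ["0.0.0.0", "0.0.0.0"]:
            problems[own].append("ip is " + "/".join(values))
        for m in problems:                   # any mention outside its own entry
            if m in values and m != own:
                problems[m].append(f"referenced by {section} {entry}")
    return problems
```

Calling `preflight(SAMPLE, ["internal", "dmz"])` returns an empty list for `internal` and three findings for `dmz`. The reference check matches any `set` value equal to the interface name, so an unrelated object that shares the name is also reported and needs a manual look.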
