
Hardware switch

A hardware switch is a virtual switch interface that groups different ports together so that the FortiGate can use the group as a single interface. Supported FortiGate models have a default hardware switch called either internal or lan. The hardware switch is supported by the chipset at the hardware level.

Ports that are connected to the same hardware switch behave like they are on the same physical switch in the same broadcast domain. Ports can be removed from a hardware switch and assigned to another switch or used as standalone interfaces.

Some of the differences between hardware and software switches are:

| Feature | Hardware switch | Software switch |
|---|---|---|
| Processing | Packets are processed in hardware by the hardware switch controller, or SPU where applicable. | Packets are processed in software by the CPU. |
| STP | Supported | Not Supported |
| Wireless SSIDs | Not Supported | Supported |
| Intra-switch traffic | Allowed by default. | Allowed by default. Can be explicitly set to require a policy. |

To change the ports in a hardware switch in the GUI:
  1. Go to Network > Interface and edit the hardware switch.
  2. Click inside the Interface members field.

  3. Select interfaces to add or remove them from the hardware switch, then click Close.

    To add an interface to a hardware switch, it cannot be referenced by an existing configuration and its IP address must be set to 0.0.0.0/0.0.0.0.

  4. Click OK.

    Removed interfaces will now be listed as standalone interfaces in the Physical Interface section.

To remove ports from a hardware switch in the CLI:
config system virtual-switch
    edit "internal"
        config port
            delete internal2
            delete internal5
        end
    next
end

To add ports to a hardware switch in the CLI:
config system virtual-switch
    edit "internal"
        set physical-switch "sw0"
        config port
            edit "internal1"
            next
            edit "internal3"
            next
            edit "internal4"
            next
            edit "internal6"
            next
        end
    next
end

To add an interface to a hardware switch, it cannot be referenced by an existing configuration and its IP address must be set to 0.0.0.0/0.0.0.0.
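
The two preconditions above can be checked against a configuration backup before changing switch membership; the same parse also lists which ports currently share a hardware switch, and therefore a broadcast domain with intra-switch traffic allowed by default. This Python is an added example, not Fortinet code: the sample configuration is constructed, and the function names and the reference heuristic (an interface counts as referenced if its name appears as a quoted value in any `set` line) are assumptions.

```python
import re
# Constructed sample in FortiOS backup syntax (not from a real device).
SAMPLE = '''
config system interface
    edit "internal2"
    next
    edit "internal5"
        set ip 192.168.5.1 255.255.255.0
    next
end
config system virtual-switch
    edit "internal"
        config port
            edit "internal1"
            next
        end
    next
end
config firewall policy
    edit 1
        set srcintf "dmz"
    next
end
'''

def parse(text):
    """Return (interface IPs, hardware switch members, quoted names used in 'set' lines)."""
    ips, switches, refs, path = {}, {}, set(), []
    for line in text.splitlines():
        word, _, rest = line.strip().partition(" ")
        if word in ("config", "edit"):
            path.append(rest.strip('"'))  # track nesting: config ... end, edit ... next
            if path[0] == "system virtual-switch" and len(path) == 4 and path[2] == "port":
                switches.setdefault(path[1], []).append(path[3])
        elif word in ("end", "next") and path:
            path.pop()
        elif word == "set":
            key, _, val = rest.partition(" ")
            if path[:1] == ["system interface"] and len(path) == 2 and key == "ip":
                ips[path[1]] = val.strip()
            refs.update(re.findall(r'"([^"]+)"', val))  # heuristic reference scan
    return ips, switches, refs

def blockers(port, ips, refs):
    """Reasons the port cannot join a hardware switch (empty list = eligible)."""
    # Assumption: an interface with no 'set ip' line has the default 0.0.0.0 address.
    ip_ok = ips.get(port, "0.0.0.0 0.0.0.0") == "0.0.0.0 0.0.0.0"
    return ([] if ip_ok else ["IP address is not 0.0.0.0/0.0.0.0"]) + \
           (["referenced by existing configuration"] if port in refs else [])
```

Call `parse()` on the text of a backup, then `blockers()` for each port you plan to add; the GUI and CLI remain the authority on whether the change is accepted.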
