Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    6.4.15
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config system switch-interface

    config system switch-interface

    Configure software switch interfaces by grouping physical and WiFi interfaces.

    config system switch-interface
    Description: Configure software switch interfaces by grouping physical and WiFi interfaces.
    edit <name>
        set intra-switch-policy [implicit|explicit]
        set mac-ttl {integer}
        set member <interface-name1>, <interface-name2>, ...
        set span [disable|enable]
        set span-dest-port {string}
        set span-direction [rx|tx|...]
        set span-source-port <interface-name1>, <interface-name2>, ...
        set type [switch|hub]
        set vdom {string}
    next
end

    config system switch-interface

    Parameter

    Description

    Type

    Size

    Default

    intra-switch-policy

    Allow any traffic between switch interfaces or require firewall policies to allow traffic between switch interfaces.

    option

    -

    implicit

    Option

    Description

    implicit

    Traffic between switch members is implicitly allowed.

    explicit

    Traffic between switch members must match firewall policies.

    mac-ttl

    Duration for which MAC addresses are held in the ARP table.

    integer

    Minimum value: 300 Maximum value: 8640000

    300

    member <interface-name>

    Names of the interfaces that belong to the virtual switch.

    Physical interface name.

    string

    Maximum length: 79

    name

    Interface name (name cannot be in use by any other interfaces, VLANs, or inter-VDOM links).

    string

    Maximum length: 15

    span

    Enable/disable port spanning. Port spanning echoes traffic received by the software switch to the span destination port.

    option

    -

    disable

    Option

    Description

    disable

    Disable port spanning.

    enable

    Enable port spanning.

    span-dest-port

    SPAN destination port name. All traffic on the SPAN source ports is echoed to the SPAN destination port.

    string

    Maximum length: 15

    span-direction

    The direction in which the SPAN port operates, either: rx, tx, or both.

    option

    -

    both

    Option

    Description

    rx

    Copies only received packets from source SPAN ports to the destination SPAN port.

    tx

    Copies only transmitted packets from source SPAN ports to the destination SPAN port.

    both

    Copies both received and transmitted packets from source SPAN ports to the destination SPAN port.

    span-source-port <interface-name>

    Physical interface name. Port spanning echoes all traffic on the SPAN source ports to the SPAN destination port.

    Physical interface name.

    string

    Maximum length: 79

    type

    Type of switch based on functionality: switch for normal functionality, or hub to duplicate packets to all port members.

    option

    -

    switch

    Option

    Description

    switch

    Switch for normal switch functionality (available in NAT mode only).

    hub

    Hub to duplicate packets to all member ports.

    vdom

    VDOM that the software switch belongs to.

    string

    Maximum length: 31

    Previous
    Next

    config system switch-interface

    config system switch-interface

    Configure software switch interfaces by grouping physical and WiFi interfaces.

    config system switch-interface
    Description: Configure software switch interfaces by grouping physical and WiFi interfaces.
    edit <name>
        set intra-switch-policy [implicit|explicit]
        set mac-ttl {integer}
        set member <interface-name1>, <interface-name2>, ...
        set span [disable|enable]
        set span-dest-port {string}
        set span-direction [rx|tx|...]
        set span-source-port <interface-name1>, <interface-name2>, ...
        set type [switch|hub]
        set vdom {string}
    next
end

    config system switch-interface

    Parameter

    Description

    Type

    Size

    Default

    intra-switch-policy

    Allow any traffic between switch interfaces or require firewall policies to allow traffic between switch interfaces.

    option

    -

    implicit

    Option

    Description

    implicit

    Traffic between switch members is implicitly allowed.

    explicit

    Traffic between switch members must match firewall policies.

    mac-ttl

    Duration for which MAC addresses are held in the ARP table.

    integer

    Minimum value: 300 Maximum value: 8640000

    300

    member <interface-name>

    Names of the interfaces that belong to the virtual switch.

    Physical interface name.

    string

    Maximum length: 79

    name

    Interface name (name cannot be in use by any other interfaces, VLANs, or inter-VDOM links).

    string

    Maximum length: 15

    span

    Enable/disable port spanning. Port spanning echoes traffic received by the software switch to the span destination port.

    option

    -

    disable

    Option

    Description

    disable

    Disable port spanning.

    enable

    Enable port spanning.

    span-dest-port

    SPAN destination port name. All traffic on the SPAN source ports is echoed to the SPAN destination port.

    string

    Maximum length: 15

    span-direction

    The direction in which the SPAN port operates, either: rx, tx, or both.

    option

    -

    both

    Option

    Description

    rx

    Copies only received packets from source SPAN ports to the destination SPAN port.

    tx

    Copies only transmitted packets from source SPAN ports to the destination SPAN port.

    both

    Copies both received and transmitted packets from source SPAN ports to the destination SPAN port.

    span-source-port <interface-name>

    Physical interface name. Port spanning echoes all traffic on the SPAN source ports to the SPAN destination port.

    Physical interface name.

    string

    Maximum length: 79

    type

    Type of switch based on functionality: switch for normal functionality, or hub to duplicate packets to all port members.

    option

    -

    switch

    Option

    Description

    switch

    Switch for normal switch functionality (available in NAT mode only).

    hub

    Hub to duplicate packets to all member ports.

    vdom

    VDOM that the software switch belongs to.

    string

    Maximum length: 31

    Previous
    Next