Fortinet black logo

Configuring the network interfaces

Copy Link
Copy Doc ID 96b41dc6-3f02-11eb-96b9-00505692583a:717430
Download PDF

Configuring the network interfaces

The System > Network > Network tab displays the FortiVoice Gateway’s network interfaces.

You must configure at least one network interface for the FortiVoice Gateway to connect to your network. Depending on your network topology and other considerations, you can connect the FortiVoice Gateway to your network using two or more of the network interfaces. You can configure each network interface separately. You can also configure advanced interface options, including VLAN subinterfaces, redundant interfaces, and loopback interfaces. For more information, see About FortiVoice Gateway logical interfaces and Editing network interfaces.

To view the list of network interfaces, go to System > Network > Network.

GUI field

Description

Name

Displays the name of the network interface, such as port1.

Type

Displays the interface type: physical, VLAN, redundant, or loopback. For details, see About FortiVoice Gateway logical interfaces.

IP/Netmask

Displays the IP address and netmask of the network interface.

IPv6/Netmask

Displays the IPv6 address and netmask of the network interface.

Access

Displays the administrative access and phone user access that are enabled on the network interface, such as HTTPS for the web-based manager.

Status

Indicates the up (available) or down (unavailable) administrative status for the network interface.

  • Green up arrow: The network interface is up and can receive traffic.
  • Red down arrow: The network interface is down and cannot receive traffic.

To change the administrative status (that is, bring up or down a network interface), see Editing network interfaces.

Editing network interfaces

You can edit FortiVoice Gateway’s physical network interfaces to change their IP addresses, netmasks, administrative access protocols, and other settings. You can also create or edit logical interfaces, such as VLANs, redundant interfaces and the loopback interface.

Caution

Enable administrative access only on network interfaces connected to trusted private networks or directly to your management computer. If possible, enable only secure administrative access protocols such as HTTPS or SSH. Failure to restrict administrative access could compromise the security of your FortiVoice Gateway.

You can restrict which IP addresses are permitted to log in as a FortiVoice Gateway administrator through network interfaces. For details, see Configuring administrator accounts.

To create or edit a network interface
  1. Go to System > Network > Network.
  2. Double-click a network interface to modify it or select the interface and click Edit. If you want to create a logical interface, click New.

    The Interface dialog appears.

  3. Configure the following:

    GUI field

    Description

    Interface name

    If you are editing an existing interface, this field displays the name (such as port2) and media access control (MAC) address for this network interface.

    If you are creating a logical interface, enter a name for the interface.

    Type

    If you are creating a logical interface, select which type of interface you want to create. For information about logical interface types, see About FortiVoice Gateway logical interfaces.

    • VLAN: If you want to create a VLAN subinterface, select the interface for which you want to create the subinterface. Then specify a port and VLAN ID. Valid VLAN ID numbers are from 1 to 4094, while 0 is used for high priority frames, and 4095 is reserved.
    • Redundant: If you want to create a redundant interface, select the interface members from the available interfaces. Usually, you need to include two or more interfaces as the redundant interface members.
    • Loopback: If you want to add a loopback interface, select the Loopback type and the interface name will be automatically reset to “loopback”. You can only add one loopback interface on the FortiVoice Gateway.

    Addressing Mode

    • Manual: Select to enter the IP address or IPv6 address and netmask for the network interface in IP/Netmask or IPv6/Netmask.
    • DHCP: Select and click Update Request to retrieve a dynamic IP address using DHCP.

    Advanced Setting

    Enable protocols that this network interface should accept for connections to the FortiVoice Gateway itself. (These options do not affect connections that will travel through the FortiVoice Gateway.)

    Caution

    HTTP and Telnet connections are not secure, and can be intercepted by a third party. If possible, enable this option only for network interfaces connected to a trusted private network, or directly to your management computer. Failure to restrict administrative access through this protocol could compromise the security of your FortiVoice Gateway. For information on further restricting access of administrative connections, see Configuring administrator accounts.

    • HTTPS: Enable to allow secure HTTPS connections to the web‑based manager, and extension user account through this network interface.
    • SNMP: Enable to allow SNMP connections (queries) to this network interface.
      For information on further restricting access, or on configuring the network interface that will be the source of traps, see Configuring the network interfaces.
    • TFTP: Enable to allow TFTP connections to the CLI through this network interface. The SIP phones connect to this server to receive the PBX setup information.
    • SIPPNP: Enable SIPPNP multicast function for the connected phones to find the provisioning server contained in its message for the phones.
    • PING: Enable to allow ICMP ECHO (ping) responses from this network interface.
    • HTTP: Enable to allow HTTP connections to the web‑based manager, and extension user account through this network interface.
    • NTP: Enable to allow SIP phones to connect to this server to synchronize time.
    • MDNS: Enable MDNS multicast function for the connected phones to find the TFTP provisioning server contained in its message for the phones. This is mainly for backward support of legacy FortiFones.
    • SSH: Enable to allow SSH connections to the CLI through this network interface.
    • TELNET: Enable to allow Telnet connections to the CLI through this network interface.
    • LDAP: Enable to allow SIP phones to connect to this server to retrieve phone directories.

    • MTU: Enable to change the maximum transmission unit (MTU) value, then enter the maximum packet or Ethernet frame size in bytes.
    • If network devices between the FortiVoice Gateway and its traffic destinations require smaller or larger units of traffic, packets may require additional processing at each node in the network to fragment or defragment the units, resulting in reduced network performance. Adjusting the MTU to match your network can improve network performance.

      The default value is 1500 bytes. The MTU size must be between 576 and 1500 bytes. Change this if you need a lower value; for example, RFC 2516 prescribes a value of 1492 for the PPPoE protocol.

    • Administrative status: Select either:
      • Up: Enable (that is, bring up) the network interface so that it can send and receive traffic.
      • Down: Disable (that is, bring down) the network interface so that it cannot send or receive traffic.
  4. Click Create or OK.

Configuring the network interfaces

The System > Network > Network tab displays the FortiVoice Gateway’s network interfaces.

You must configure at least one network interface for the FortiVoice Gateway to connect to your network. Depending on your network topology and other considerations, you can connect the FortiVoice Gateway to your network using two or more of the network interfaces. You can configure each network interface separately. You can also configure advanced interface options, including VLAN subinterfaces, redundant interfaces, and loopback interfaces. For more information, see About FortiVoice Gateway logical interfaces and Editing network interfaces.

To view the list of network interfaces, go to System > Network > Network.

GUI field

Description

Name

Displays the name of the network interface, such as port1.

Type

Displays the interface type: physical, VLAN, redundant, or loopback. For details, see About FortiVoice Gateway logical interfaces.

IP/Netmask

Displays the IP address and netmask of the network interface.

IPv6/Netmask

Displays the IPv6 address and netmask of the network interface.

Access

Displays the administrative access and phone user access that are enabled on the network interface, such as HTTPS for the web-based manager.

Status

Indicates the up (available) or down (unavailable) administrative status for the network interface.

  • Green up arrow: The network interface is up and can receive traffic.
  • Red down arrow: The network interface is down and cannot receive traffic.

To change the administrative status (that is, bring up or down a network interface), see Editing network interfaces.

Editing network interfaces

You can edit FortiVoice Gateway’s physical network interfaces to change their IP addresses, netmasks, administrative access protocols, and other settings. You can also create or edit logical interfaces, such as VLANs, redundant interfaces and the loopback interface.

Caution

Enable administrative access only on network interfaces connected to trusted private networks or directly to your management computer. If possible, enable only secure administrative access protocols such as HTTPS or SSH. Failure to restrict administrative access could compromise the security of your FortiVoice Gateway.

You can restrict which IP addresses are permitted to log in as a FortiVoice Gateway administrator through network interfaces. For details, see Configuring administrator accounts.

To create or edit a network interface
  1. Go to System > Network > Network.
  2. Double-click a network interface to modify it or select the interface and click Edit. If you want to create a logical interface, click New.

    The Interface dialog appears.

  3. Configure the following:

    GUI field

    Description

    Interface name

    If you are editing an existing interface, this field displays the name (such as port2) and media access control (MAC) address for this network interface.

    If you are creating a logical interface, enter a name for the interface.

    Type

    If you are creating a logical interface, select which type of interface you want to create. For information about logical interface types, see About FortiVoice Gateway logical interfaces.

    • VLAN: If you want to create a VLAN subinterface, select the interface for which you want to create the subinterface. Then specify a port and VLAN ID. Valid VLAN ID numbers are from 1 to 4094, while 0 is used for high priority frames, and 4095 is reserved.
    • Redundant: If you want to create a redundant interface, select the interface members from the available interfaces. Usually, you need to include two or more interfaces as the redundant interface members.
    • Loopback: If you want to add a loopback interface, select the Loopback type and the interface name will be automatically reset to “loopback”. You can only add one loopback interface on the FortiVoice Gateway.

    Addressing Mode

    • Manual: Select to enter the IP address or IPv6 address and netmask for the network interface in IP/Netmask or IPv6/Netmask.
    • DHCP: Select and click Update Request to retrieve a dynamic IP address using DHCP.

    Advanced Setting

    Enable protocols that this network interface should accept for connections to the FortiVoice Gateway itself. (These options do not affect connections that will travel through the FortiVoice Gateway.)

    Caution

    HTTP and Telnet connections are not secure, and can be intercepted by a third party. If possible, enable this option only for network interfaces connected to a trusted private network, or directly to your management computer. Failure to restrict administrative access through this protocol could compromise the security of your FortiVoice Gateway. For information on further restricting access of administrative connections, see Configuring administrator accounts.

    • HTTPS: Enable to allow secure HTTPS connections to the web‑based manager, and extension user account through this network interface.
    • SNMP: Enable to allow SNMP connections (queries) to this network interface.
      For information on further restricting access, or on configuring the network interface that will be the source of traps, see Configuring the network interfaces.
    • TFTP: Enable to allow TFTP connections to the CLI through this network interface. The SIP phones connect to this server to receive the PBX setup information.
    • SIPPNP: Enable SIPPNP multicast function for the connected phones to find the provisioning server contained in its message for the phones.
    • PING: Enable to allow ICMP ECHO (ping) responses from this network interface.
    • HTTP: Enable to allow HTTP connections to the web‑based manager, and extension user account through this network interface.
    • NTP: Enable to allow SIP phones to connect to this server to synchronize time.
    • MDNS: Enable MDNS multicast function for the connected phones to find the TFTP provisioning server contained in its message for the phones. This is mainly for backward support of legacy FortiFones.
    • SSH: Enable to allow SSH connections to the CLI through this network interface.
    • TELNET: Enable to allow Telnet connections to the CLI through this network interface.
    • LDAP: Enable to allow SIP phones to connect to this server to retrieve phone directories.

    • MTU: Enable to change the maximum transmission unit (MTU) value, then enter the maximum packet or Ethernet frame size in bytes.
    • If network devices between the FortiVoice Gateway and its traffic destinations require smaller or larger units of traffic, packets may require additional processing at each node in the network to fragment or defragment the units, resulting in reduced network performance. Adjusting the MTU to match your network can improve network performance.

      The default value is 1500 bytes. The MTU size must be between 576 and 1500 bytes. Change this if you need a lower value; for example, RFC 2516 prescribes a value of 1492 for the PPPoE protocol.

    • Administrative status: Select either:
      • Up: Enable (that is, bring up) the network interface so that it can send and receive traffic.
      • Down: Disable (that is, bring down) the network interface so that it cannot send or receive traffic.
  4. Click Create or OK.