Choosing your FortiGate’s switch mode

Facebooktwittergoogle_pluslinkedinFacebooktwittergoogle_pluslinkedin

This section contains information to help you determine which internal switch mode your FortiGate should use, a decision that should be made before the FortiGate is installed.

What is the internal switch mode?

The internal switch mode determines how the FortiGate’s physical ports are managed by the FortiGate. The two main modes are Switch mode and Interface mode.

Internal switch mode was removed in FortiOS 5.4.

What are Switch mode and Interface mode and why are they used?

In Switch mode, all the internal interfaces are part of the same subnet and treated as a single interface, called either lan or internal by default, depending on the FortiGate model. Switch mode is used when the network layout is basic, with most users being on the same subnet.

In Interface mode, the physical interfaces of the FortiGate unit are handled individually, with each interface having its own IP address. Interfaces can also be combined by configuring them as part of either hardware or software switches, which allow multiple interfaces to be treated as a single interface. This mode is ideal for complex networks that use different subnets to compartmentalize the network traffic.

Which mode is your FortiGate in by default?

The default mode that a FortiGate starts in varies depending on the model. To determine which mode your FortiGate unit is in, go to System > Network > Interfaces. Locate the
lan or internal interface. If the interface is listed as a Physical Interface in the Type column, then your FortiGate is in Switch mode. If the interface is a Hardware Switch, then your FortiGate is in Interface mode.

How do you change the mode?

If you need to change the mode your FortiGate unit is in, first make sure none of the physical ports that make up the lan or internal interface are referenced in the FortiGate configuration (for example, in a policy or DHCP server). If you FortiGate model has a Switch Controller, you may need to disable it before you can change the internal switch mode.

Go to System > Dashboard > Status and enter either of the following commands into the CLI Console:

  1. Command to change the FortiGate to switch mode:
    config system global
         set internal-switch-mode switch
    exit
  2. Command to change the FortiGate to interface mode:
    config system global
         set internal-switch-mode interface
    exit
Victoria Martin

Victoria Martin

Technical Writer at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.
Victoria Martin

Latest posts by Victoria Martin (see all)

Facebooktwittergoogle_pluslinkedinFacebooktwittergoogle_pluslinkedin