System Network Configuring interfaces
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 197
http://docs.fortinet.com/ • Feedback
See also
Adding a software switch interface
A software switch interface forms a simple bridge between two or more physical or
wireless FortiGate interfaces. The interfaces added to a soft switch interface are called
members. The members of a switch interface cannot be accessed as an individual
interface after being added to a soft switch interface. They are removed from the system
interface table.
Similar to aggregate interfaces, a soft switch interface functions like a normal interface. A
soft switch interface has one IP address. You create firewall policies to and from soft
switch interfaces and soft switch interfaces can be added to zones. There are some
limitations; soft switch interfaces cannot be monitored by HA or used as HA heartbeat
interfaces.
To add interfaces to a software switch group, no configuration settings can refer to those
interfaces. This includes default routes, VLANs, inter-VDOM links, and policies. You can
view available interfaces on the CLI when entering the ‘
set member’ command by using
‘?’ or <TAB> to scroll through the available list.
The CLI command to configure a software switch interface called soft_switch with port1,
external and dmz interfaces is:
config system switch-interface
edit soft_switch
set members port1 external dmz
end
HTTP Allow HTTP connections to the web-based manager through this secondary
IP. HTTP connections are not secure and can be intercepted by a third party.
SSH Allow SSH connections to the CLI through this secondary IP.
SNMP Allow a remote SNMP manager to request SNMP information by connecting
to this secondary IP. See “Configuring SNMP” on page 242.
TELNET Allow Telnet connections to the CLI through this secondary IP. Telnet
connections are not secure and can be intercepted by a third party.
Add Select Add to add the configured secondary IP address to the secondary IP
table.
Addresses in this table are not added to the interface until you select OK or
Apply.
Secondary IP table A table that displays all the secondary IP addresses that have been added to
this interface.
These addresses are not permanently added to the interface until you select
OK or Apply.
# The identifying number of the secondary IP address.
IP/Netmask The IP address and netmask for the secondary IP.
Ping Server The IP address of the ping server for the address. The ping server can be
shared by multiple addresses.
Enable Indicates if the ping server option is selected.
Access The administrative access methods for this address. They can be different
from the primary IP address.
Delete Icon Select to remove this secondary IP entry.
Note: It is recommended that after adding a secondary IP, you refresh the secondary IP
table and verify your new address is listed. If not, one of the restrictions (have a primary IP
address, use manual addressing mode, more than one IP on the same subnet, more than
32 IP addresses assigned to the interface, etc.) prevented the address from being added.
To Next Page
Loading...
Need help?
General