By default, smaller FortiGate units such as the 60D or 90D series combine their interfaces into a virtual switch. With a configuration change, each port can be assigned to its own broadcast domain. This is useful, for example, if you want to configure a number of different trunk ports.
By default, the firewalls also ship with basic policies that permit and NAT outbound traffic, as well as a DHCP server. These configurations need to be cleared before the switch mode can be changed.
#config firewall policy
#purge
This operation will clear all table!
Do you want to continue? (y/n) y
#end
#config system dhcp server
#purge
This operation will clear all table!
Do you want to continue? (y/n) y
#end
#config system global
#set internal-switch-mode interface
#end
Changing switch mode will reboot the system!
Do you want to continue? (y/n) y
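Both purges above clear their whole table, so it is worth reviewing what currently points at the switch interface before running them. The following is an added example, not part of the original post: a small Python check that lists the settings in a saved configuration backup that name the interface. The interface name `internal`, the function name and the sample configuration are assumptions constructed for illustration.

```python
import shlex

# Constructed sample in FortiOS backup syntax; not taken from a real unit.
SAMPLE_CONFIG = """
config system interface
    edit "internal"
        set ip 192.168.1.99 255.255.255.0
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
    next
end
config system dhcp server
    edit 1
        set interface "internal"
        config ip-range
            edit 1
                set start-ip 192.168.1.110
            next
        end
    next
end
"""

def find_references(config_text, interface="internal"):
    """Return sorted (table, entry, setting) tuples whose value names interface."""
    tables, entries, hits = [], [], set()  # open config tables, open edit ids
    for line in config_text.splitlines():
        try:
            tok = shlex.split(line)
        except ValueError:  # unbalanced quote, e.g. a multi-line value
            tok = line.split()
        if not tok:
            continue
        if tok[0] == "config":
            tables.append(" ".join(tok[1:]))
        elif tok[0] == "end" and tables:
            tables.pop()
        elif tok[0] == "edit" and len(tok) > 1:
            entries.append(tok[1])
        elif tok[0] == "next" and entries:
            entries.pop()
        elif tok[0] == "set" and interface in tok[2:] and tables:
            # Report the top-level table and entry that holds the reference.
            hits.add((tables[0], entries[0] if entries else "", tok[1]))
    return sorted(hits)
```

The interface's own definition (`edit "internal"` under `config system interface`) is not reported, only settings in other entries whose value is the interface name.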