Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
desmond1102
New Contributor

Created on ‎10-11-2014 01:07 AM

Unable to change Operation Mode

Hi all, I have bought a Fortigate 200D recently, and about to configure it. But i cant change the operation mode from NAT to Transparent. Both Web GUI & CLI also failed. The CLI come out with a message below :- MYAEFW-01 # MYAEFW-01 # config system settings MYAEFW-01 (settings) # set opmode transparent MYAEFW-01 (settings) # set manageip 192.168.2.2/255.255.255.0 MYAEFW-01 (settings) # set gateway 192.168.2.1 MYAEFW-01 (settings) # end Cannot change to transparent mode because this vdom contains the following virtual switch: lan node_check_object fail! for opmode transparent Attribute ' opmode' value ' transparent' checkingfail -7 Command fail. Return code -7 Base on this message, i try to find the " virtual switch" inside the Interface option, but i only saw a " Hardware Switch" inside and unable to disable or delete it. I am totally new to this firewall unit, hopefully someone can answer my question. Thanks, Desmond Low
21861
0 Kudos
3 REPLIES 3
emnoc
Esteemed Contributor III

Created on ‎10-11-2014 07:12 AM

I would pull the config and use a unix grep or find&replace and find the links and association to the vdom and switch. i bet you have a Layer3 addressed interface for the lan switch.

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
3335
0 Kudos
Dave_Hall
Honored Contributor

Created on ‎10-11-2014 07:18 AM

By default or through a factory reset the config has a hardware switch called lan, which combines all the internal ports 1 through 16. You need to delete this lan interface, which is easy to do from the GUI. You need to make sure there are no references to this lan interface or you will not get the option to delete it. You can check this by enabling the " Ref." column (just right click on the column headings and add it). The default config will just have a firewall policy from lan to wan1 -- just delete that policy and I think you should be good with deleting that that interface. Once the lan interface has been deleted, you should see individual ports 1 though 16. You should be able to switch the Fortigate into transparent mode after that. (Firmware used in the fgt in the screenshots is 5.0.9.)

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Preview file
136 KB
3335
0 Kudos
Mark_Oakton
Contributor

Created on ‎10-15-2014 03:27 AM

Make sure you also disable dhcp on all interfaces
Infosec Partners
Infosec Partners
3335
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.