- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Hardware Switch on FG300E?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hardware Switch on FG300E?
I have a new 300E running 5.6.3 out of the box. No interfaces are configured yet. When I go to create a new interface, I have the option for Software Switch, but not Hardware Switch. Is there no longer a differentiation or is it simply not available on a 300E?
Thank you.
14 REPLIES 14
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It took some time to find the schematic. Of the 32 ports (16x GbE, 16x SFP) the SFP ports are directly connected to the NP6, whereas the GbE ports are connected via an Integrated Switch fabric. So, the GbE ports should be able to form a hardware switch.
The difference between HW and SW switch is that the SW switch is putting load on the CPU. The 300E has got a 4 core, 4 tasks CPU which is capable but you would always try to use a hardware switch.
Have a look at the 'lan' or 'internal' port in System > Network > Interfaces: is it made up of single ports? This is a hardware switch then. You could detach a port to use it elsewhere.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for looking into that, Ede.
Out of the box, all ports are individual interfaces - no "internal" or "lan" interface, just port1-port28, ha, etc.
When I go to click Create New, Interface, I get only the following options: VLAN, 802.3ad Aggregate, Redundant Interface, Loopback Interface, Software Switch, and WiFi SSID. There is no Hardware Switch option.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK, it seems there might be only one hardware switch available.
The config is found in the CLI (from the v5.6.2 Ref. manual):
config system physical-switch
edit { name }
# Configure physical switches.
set age-enable { enable | disable } Enable/disable layer 2 age timer.
config port
edit { name }
# Configure member ports.
set speed { option } Speed.
auto Automatically adjust speed.
10full 10M full-duplex.
10half 10M half-duplex.
100full 100M full-duplex.
100half 100M half-duplex.
1000full 1000M full-duplex.
1000half 1000M half-duplex.
1000auto 1000M auto adjust.
set status { up | down } Interface status.
up Interface up.
down Interface down.
set name { string } Physical port name. size[15]
next
set age-val { integer } Layer 2 table age timer Value. range[0-4294967295]
set name { string } Name. size[15]
next
end
config system virtual-switch
edit "internal"
set physical-switch "sw0"
config port
edit "internal1"
next
edit "internal2"
next
edit "internal3"
next
edit "internal4"
next
end
next
end
The 'virtual switch' config is from my 60E.
HTH.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oops, just created a second virtual-switch, and it works. Shows up in Interface section under 'Hardware Switch'. But I haven't tested this, whether the 2 ports in the new switch are connected, and these ports and the ports from the other switch are not.
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unfortunately, "config system physical-switch" and "config system virtual-switch" are not valid commands on the 300E using 5.6.3. I only have "config system switch-interface" and when I create a new entry, it appears as a software switch.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And you're not accidently working with VDOMs?
If not, seems the 300E does not have a hardware switch. Maybe someone using a 300E could look it up in the CLI...
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No VDOMs. I looked through the 5.6.3 CLI manual but could not find any commands related to hardware switch.
Thank you for your efforts!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In the v5.6.2 Handbook, pg. 2194, the 'virtual switch' feature is documented. This is the means to use the switch hardware (as opposed to the software switches).
Hardware features like this are documented in the 'Product Matrix'. When I looked it up earlier, I couldn't believe that none of the E series midrange FGTs feature a hardware switch. Not so sure anymore. My FG-60E does have one (and that's a SoC!).
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Guys,
So far no NP6 models support virtual-switch, not only E but also D models, like 300D/500D/800D.
Thanks.
Related Posts
- Help setting up internet access for... 167 Views
- HardwareSwitch SoftwareSwitch in 7.2.8M 195 Views
- Trouble Receiving DHCP Packet Over S2S... 289 Views
- Software switch with VLANs vs Interface... 308 Views
- How to bind VLAN (subnet) to... 366 Views
Labels
-
FortiGate
6,527 -
FortiClient
1,302 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
59 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.