Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
marito
New Contributor

Missing ports when create new zone

Hi!

I've an E200 device with firmware 5.6.2. Port 1 & Port 2 connect 2 subnets in my LAN. I'm trying to create a new zone that includes those port to simplify the policies, but I don't see them in the available interface members list. Actually, The list doesn't show any used port.

It's a bug or I'm missing something?

I'll appreciate any help.

TNX

3 REPLIES 3
rwpatterson
Valued Contributor III

Welcome to the forums.

 

Interfaces (or ports) need to be totally disassociated from policies, addresses, DHCP scopes, etc. before they can be placed into a zone. Yes, a very large P.I.T.A. if you are doing it after the fact, but proper planning makes things go far easier. If you have additional ports at your disposal, you may wish to add one of those into a zone, configure it as wished, then swap connections and IP addresses. You could always plug a laptop into that new port first and test it to death before committing the real deal.

 

Hope that helps.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
marito

Thanks for your quickly and right answer.  My problem now is to make the change keeping the service uninterrupted, but I'll find the right time to do it.

Thanks

Dave_Hall
Honored Contributor

Usually only ports with no references (e.g. firewall polices rules) can be used in creating a new zone.  According to the Reference manual, try removing any created firewall polices for port1 & port2 and try again.

 

http://help.fortinet.com/...config/system/zone.htm

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Labels
Top Kudoed Authors