Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ddemland
New Contributor II

60D Change physical port back to hardware switch

I am new to Fortinet and I have a 60D. When I was starting my configuration I changed some ports to physical ports. I would like to remove one of these created physical ports and place it back in the internal hardware switch. I have all the reference removed so there is a 0 in the reference column, but I do not get the delete option enabled. How to I delete this physical interface so I can add this port back into the internal hardware switch?

7 REPLIES 7
ede_pfau
Esteemed Contributor III

You don't delete physical ports - they're physical.

 

If you want to use it in a hardware switch add the port to the switch - that's all. Depending on the FOS version you can do that in the GUI:

- open the switch interface

- click on an available (physical) port to add it as a member

Done.

In previous versions this was a bit more complicated, as you had to configure it in the CLI.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
ddemland
New Contributor II

OK, I am game. I have looked at everything and I cannot do this. I am using 5.2 on a 60d and I have tried to remove internal3 with the CLI and get a message that I cannot remove a static entry and I have tried to add internal3 to the "internal" switch and I get an message that I cannot use an assigned interface. How to I remove internal3 from physical to the "internal" switch?

Toshi_Esumi
Esteemed Contributor III

No, you don't need to "remove" internal3. But you need to remove all references using internal3, such as policies,  DHCP server, vlan subinterfaces, static routes, VIPs, and so on. Then you should be able to let it rejoin "internal" hard-switch interface.

ede_pfau
Esteemed Contributor III

As I've posted: you don't have to, and you cannot, remove/delete a physical port. Just see to it that it is not used anywhere - DHCP server, policy, static route, address object bound to it etc.

Then, when the port is free (of references), you can add it to the virtual switch. I thought that was possible in the GUI but you seem to get around with the CLI as well.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
rwpatterson
Valued Contributor III

It was my belief that it was either a single 'internal' interface or 'internal1, internal2,...internalx'. In order to remove internal3, you would have to revert the entire switch back to switch mode, no? You could create a software switch and add internal3 into that, but to go back to a single Internal interface, all interalx entries would have to be removed and a reboot would be required as well. Correct me if I'm wrong here.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
Toshi_Esumi
Esteemed Contributor III

They can co-exist unless it's very old version of 5.2. I think they changed this part with 5.2.3 or something like that. We often use "internal"=internal1+2+...+5, and "internal6", "internal7".

 

ddemland
New Contributor II

Thank you all, I got it figured out. I have version 5.2.3 and I did have all the references removed. Since I did not have a change mode option, I took a backup and removed the internal3 from the system interface section, then I added an empty internal3 under virtual-switch->internal->physical-switch "sw0" and rebooted. Now I have the internal3 port back on the internal interface. I would have not thought of this had something had not been said version 5.2.3.

 

I appreciate all your help for someone who is new to Fortinet.

Labels
Top Kudoed Authors