Fortigate 90D HA模式下 交换接口模式 interface 和 switch 都可以使用吗?

现有设备90D两台,做了HA,交换接口模式设定为switch,WAN1口为 ISP光纤,WAN2口为 LAN专线。
 
公司多加了一条10M光纤线,现在接口不够用了,想把90D后面的交换接口模式转成interface模式,其中两个接口做HA,再有两个接口往下连2层交换机,请问该如何设置。
 
我看了官方的一些文档,是不是只要先把与internal相关的路由删除,然后转换接口模式,在GUI界面添加新的接口(LAN 1,2,3,4,5 ....),这样就可以了吗,有没有需要注意的地方。
已邀请:

Arthur

赞同来自: kmliu

好吧,网上百度一下出了一个答案,挺简洁的。
1) Complete the prerequisites to change the mode 
2) Change the mode from Switch mode to interface mode 
3) Configure the network and allow access to a particular network port. 

1) Prerequisites to change the mode 

You must disable DHCP service on the Fortigate device and remove the any policies related to internalinterface. 
Below is the Fortigate device 80C in switch mode.
All interfaces are combined together as single ‘internal’interface. 
In this case, we can't have different settings ( IPs, policies etc) for every port in this device. 

a) To remove DHCP, click on the ‘internal’ and press edit. Deselect the check box of DHCP server as shown below.
b) Remove any policies which are related to ‘internal’ port, normally you will find only one policy.

2) Changing from Switch mode to interface mode. 

Type following command, 

config system global 
set internal-switch-mode interface 
end 

3) Configure the network and allow access to a network port 
To configure the access, ( below example shows how to allow access of https and http on particular port) 

config system interface
edit <interface_name>
set allowaccess http https
end 
Now we are ready to change the mode. 
 
 

bjxiaofeng2015 - hello verybaby

赞同来自:

把设备恢复出厂,最好重新配置一下。
config system global
set internal-switch-mode interface
end
然后选 y, 设备自动重启,接口都拆成 独立功能接口了(internal1,2,3,4,5,6,7,8,9---),可以配置ip
 

要回复问题请先登录注册