Fortigate 90D HA模式下 交换接口模式 interface 和 switch 都可以使用吗?

现有设备90D两台,做了HA,交换接口模式设定为switch,WAN1口为 ISP光纤,WAN2口为 LAN专线。
我看了官方的一些文档,是不是只要先把与internal相关的路由删除,然后转换接口模式,在GUI界面添加新的接口(LAN 1,2,3,4,5 ....),这样就可以了吗,有没有需要注意的地方。


赞同来自: kmliu

1) Complete the prerequisites to change the mode 
2) Change the mode from Switch mode to interface mode 
3) Configure the network and allow access to a particular network port. 

1) Prerequisites to change the mode 

You must disable DHCP service on the Fortigate device and remove the any policies related to internalinterface. 
Below is the Fortigate device 80C in switch mode.
All interfaces are combined together as single ‘internal’interface. 
In this case, we can't have different settings ( IPs, policies etc) for every port in this device. 

a) To remove DHCP, click on the ‘internal’ and press edit. Deselect the check box of DHCP server as shown below.
b) Remove any policies which are related to ‘internal’ port, normally you will find only one policy.

2) Changing from Switch mode to interface mode. 

Type following command, 

config system global 
set internal-switch-mode interface 

3) Configure the network and allow access to a network port 
To configure the access, ( below example shows how to allow access of https and http on particular port) 

config system interface
edit <interface_name>
set allowaccess http https
Now we are ready to change the mode. 

bjxiaofeng2015 - hello verybaby


config system global
set internal-switch-mode interface
然后选 y, 设备自动重启,接口都拆成 独立功能接口了(internal1,2,3,4,5,6,7,8,9---),可以配置ip