Interfaces System Network
FortiGate Version 4.0 Administration Guide
134 01-400-89802-20090424
http://docs.fortinet.com/ • Feedback
Configuring interfaces with CLI commands
While nearly all types of interfaces can be configured from the GUI interface, a few, such
as loopback and soft switch interface, can only be configured using CLI commands.
Virtual interfaces are not connected to any physical devices or cables outside the
FortiGate unit. They allow additional connections inside the FortiGate unit, which allow for
more complex configurations. Virtual interfaces also have the added benefit of speed.
Depending on the CPU load, virtual interfaces are consistently faster than physical
interfaces.
Loopback interface
A loopback interface is an ‘always up’ virtual interface that is not connected to any other
interfaces. Loopback interfaces connect to a Fortigate unit’s interface IP address without
depending on a specific external port.
A loopback interface is not connected to hardware, so it is not affected by hardware
problems. As long as the FortiGate unit is functioning, the loopback interface is active.
This ‘always up’ feature is useful in dynamic routing where the Fortigate unit relies on
remote routers and the local Firewall policies to access to the loopback interface.
The CLI command to configure a loopback interface called loop1 with an IP address of
10.0.0.10 is:
config system interface
edit loop1
set type loopback
set ip 10.0.0.10 255.255.255.0
end
For more information, see config system interface in the FortiGate CLI Reference.
Software switch interface
A software switch interface forms a simple bridge between two or more physical or
wireless FortiGate interfaces. The interfaces added to a soft switch interface are called
members. The members of a switch interface cannot be accessed as an individual
interface after being added to a soft switch interface. They are removed from the system
interface table.
Administrative
Access
Select the types of administrative access permitted on this interface.
HTTPS Allow secure HTTPS connections to the web-based manager through this
interface.
PING Allow the interface to respond to pings. Use this setting to verify your
installation and for testing.
HTTP Allow HTTP connections to the web-based manager through this interface.
HTTP connections are not secure and can be intercepted by a third party.
SSH Allow SSH connections to the CLI through this interface.
SNMP Allow a remote SNMP manager to request SNMP information by connecting to
this interface. See “Configuring SNMP” on page 186.
TELNET Allow Telnet connections to the CLI through this interface. Telnet connections
are not secure and can be intercepted by a third party.
Description Enter a description of the interface. It can be up to 63 characters.
To Next Page
Loading...