System Network Interfaces
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424 135
http://docs.fortinet.com/ • Feedback
Similar to aggregate interfaces, a soft switch interface functions like a normal interface. A
soft switch interface has one IP address. You create firewall policies to and from soft
switch interfaces and soft switch interfaces can be added to zones. There are some
limitations; soft switch interfaces cannot be monitored by HA or used as HA heartbeat
interfaces.
To add interfaces to a software switch group, no configuration settings can refer to those
interfaces. This includes default routes, VLANs, inter-VDOM links, and policies. You can
view available interfaces on the CLI when entering the ‘set member’ command by using
‘?’ or <TAB> to scroll through the available list.
The CLI command to configure a software switch interface called soft_switch with port1,
external and dmz interfaces is:
config system switch-interface
    edit soft_switch
        set member port1 external dmz
end
For more information, see config system switch-interface in the FortiGate CLI Reference.
Administrative access to an interface
Administrative access is how an administrator can connect to the FortiGate unit to view
and change configuration settings. Two methods of administrative access are HTTPS and
SSH.
You can allow remote administration of the FortiGate unit running in NAT/Route mode, but
allowing remote administration from the Internet could compromise the security of the
FortiGate unit. You should avoid this unless it is required for your configuration.
To improve the security of a FortiGate unit that allows remote administration from the
Internet:
• Use secure administrative user passwords.
• Change these passwords regularly.
• Enable secure administrative access to this interface using only HTTPS or SSH.
• Do not change the system idle timeout from the default value of 5 minutes (see
“Settings” on page 228).
For more information on configuring administrative access in Transparent mode, see
“Operation mode and VDOM management access” on page 206.
To control administrative access to an interface
1 Go to System > Network > Interface.
2 Choose an interface and select Edit.
3 Select the Administrative Access methods for the interface.
4 Select OK.
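The recommendations above can also be checked offline against a saved configuration backup. The script below is an added example, not part of the Fortinet guide: it flags interfaces whose administrative access includes anything other than HTTPS or SSH, and an idle timeout raised above the 5 minute default. It assumes the FortiOS CLI settings `allowaccess` (under `config system interface`) and `admintimeout` (under `config system global`), which this page does not show, and its sample configuration is constructed.

```python
# Constructed sample in the layout of a FortiGate config backup; names and
# values are illustrative, not taken from the guide.
SAMPLE_CONFIG = """\
config system global
    set admintimeout 30
end
config system interface
    edit "wan1"
        set allowaccess ping https http telnet
    next
    edit "internal"
        set allowaccess ping https ssh
    next
end
"""

SECURE_ADMIN = {"https", "ssh"}                    # methods the guide recommends
ADMIN_LOGINS = {"https", "ssh", "http", "telnet"}  # ping/snmp are not admin logins
DEFAULT_IDLE_MINUTES = 5                           # default idle timeout per the guide

def audit(config_text):
    """Return (location, finding) tuples for settings that weaken admin access."""
    findings, stack, iface = [], [], None
    for line in config_text.splitlines():
        words = line.split()
        if not words:
            continue
        cmd = words[0]
        if cmd == "config":
            stack.append(" ".join(words[1:]))      # nested blocks push a level
        elif cmd == "end" and stack:
            stack.pop()
        elif cmd == "edit" and stack[-1:] == ["system interface"] and len(words) > 1:
            iface = words[1].strip('"')
        elif cmd == "set" and len(words) > 2:
            key, values = words[1], words[2:]
            if "system interface" in stack and key == "allowaccess":
                weak = sorted((set(values) & ADMIN_LOGINS) - SECURE_ADMIN)
                if weak:
                    findings.append((iface, "insecure admin access: " + " ".join(weak)))
            elif stack[-1:] == ["system global"] and key == "admintimeout":
                if values[0].isdigit() and int(values[0]) > DEFAULT_IDLE_MINUTES:
                    findings.append(("global", "idle timeout raised to %s min" % values[0]))
    return findings

if __name__ == "__main__":
    for where, what in audit(SAMPLE_CONFIG):
        print(where, "-", what)
```

Because the parser tracks nesting, an `allowaccess` line inside a nested block of an interface is attributed to that interface.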
Interface MTU packet size
To improve network performance, you can change the maximum transmission unit (MTU)
of the packets that the FortiGate unit transmits. Ideally, the MTU should be the same as
the smallest MTU of all the networks between the FortiGate unit and the destination of the
packets. If the packets that the FortiGate unit sends are larger than the smallest MTU,
they are broken up or fragmented, which slows down transmission. Experiment by
lowering the MTU to find an MTU size for optimum network performance.