After working with and investigating many different vendors and manufacturers of networking equipment, we have come to choose FortiGate for our small/medium business solutions. Out of the box these FortiGate devices are configured to act like your usual home router, with all LAN ports setup as a logical port, and then the WAN and DMZ ports separate. By configuring the firewall in Interface mode, all of their models allow for more scalability in times of need.
For example, on the FortiGate 60D, 7 LAN ports, 2 WAN and a DMZ port are provided. Due to the size of the office a switch is not being used for Internal traffic, but instead most of the 7 LAN ports are being used. Normally there would be a single interface on the UI that is configurable, but we needed 6 to be on the LAN with one port being dedicated to the FortiAP. To configure the device into interface mode, all instances of the default Internal interface must have their references removed. By default, the only two references are a firewall policy and the DHCP service, though if this device is in production and has been modified in the past then the Internal interface may be referenced more than twice.
By performing a factory reset you can start from scratch, which is exactly what we would recommend.
Once that has been done, configuring the internal switch to run in Interface mode instead can only be done by CLI, though this may change.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
config firewall policy delete 1 end config system dhcp server delete 1 end config system global set gui-ipv6 enable set internal-switch-mode interface end Y #This is only required if using 5.2.0 or older |