System Network
Interfaces
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
135
Similar to aggregate interfaces, a soft switch interface functions like a normal interface. A
soft switch interface has one IP address. You create firewall policies to and from soft
switch interfaces and soft switch interfaces can be added to zones. There are some
limitations; soft switch interfaces cannot be monitored by HA or used as HA heartbeat
interfaces.
To add interfaces to a software switch group, no configuration settings can refer to those
interfaces. This includes default routes, VLANs, inter-VDOM links, and policies. You can
view available interfaces on the CLI when entering the ‘set member’ command by using
‘?’ or <TAB> to scroll through the available list.
The CLI command to configure a software switch interface called soft_switch with port1,
external and dmz interfaces is:
config system switch-interface
    edit soft_switch
        set members port1 external dmz
end
For more information, see config system switch-interface in the .
Administrative access to an interface
Administrative access is how an administrator can connect to the FortiGate unit to view
and change configuration settings. Two methods of administrative access are HTTPS and
SSH.
You can allow remote administration of the FortiGate unit running in NAT/Route mode, but
allowing remote administration from the Internet could compromise the security of the
FortiGate unit. You should avoid this unless it is required for your configuration.
To improve the security of a FortiGate unit that allows remote administration from the
Internet:
• Use secure administrative user passwords.
• Change these passwords regularly.
• Enable secure administrative access to this interface using only HTTPS or SSH.
• Do not change the system idle timeout from the default value of 5 minutes (see
).
For more information on configuring administrative access in Transparent mode, see
“Operation mode and VDOM management access” on page 206.
To control administrative access to an interface
1 Go to System > Network > Interface.
2 Choose an interface and select Edit.
3 Select the Administrative Access methods for the interface.
4 Select OK.
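The recommendations above can be checked offline against a configuration backup. The following is an added example, not part of the original guide: it assumes the Administrative Access selections appear as "set allowaccess" under "config system interface" and the idle timeout as "set admintimeout" under "config system global", it flags only HTTP and Telnet (ping and SNMP are left out of scope), and the sample configuration is constructed.

```python
# Constructed sample of a FortiGate configuration backup (not from the guide).
SAMPLE_CONFIG = """\
config system global
    set admintimeout 30
end
config system interface
    edit "external"
        set allowaccess ping https ssh
    next
    edit "dmz"
        set allowaccess ping http telnet
        config ipv6
            set ip6-address 2001:db8::1/64
        end
    next
end
"""

CLEARTEXT = {"http", "telnet"}   # administrative protocols other than HTTPS/SSH
DEFAULT_IDLE_MINUTES = 5         # default idle timeout stated in the guide


def audit(config_text):
    """Return (location, finding) tuples for cleartext access and timeout changes."""
    findings, stack, iface = [], [], None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "config":
            stack.append(" ".join(words[1:]))      # enter a (possibly nested) block
        elif words[0] == "end" and stack:
            stack.pop()                            # leave the innermost block
        elif words[0] == "edit" and len(stack) == 1:
            iface = " ".join(words[1:]).strip('"')
        elif words[0] == "next" and len(stack) == 1:
            iface = None
        elif words[:2] == ["set", "allowaccess"] and stack == ["system interface"]:
            bad = sorted(CLEARTEXT & set(words[2:]))
            if bad:
                findings.append((iface, "cleartext admin access: " + " ".join(bad)))
        elif words[:2] == ["set", "admintimeout"] and stack == ["system global"]:
            if int(words[2]) != DEFAULT_IDLE_MINUTES:
                findings.append(("global", f"idle timeout is {words[2]} min, default is 5"))
    return findings

if __name__ == "__main__":
    for where, what in audit(SAMPLE_CONFIG):
        print(f"{where}: {what}")
```

An empty result means every interface in the backup allows only HTTPS or SSH for administration and the idle timeout is still at its default.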
Interface MTU packet size
To improve network performance, you can change the maximum transmission unit (MTU)
of the packets that the FortiGate unit transmits. Ideally, the MTU should be the same as
the smallest MTU of all the networks between the FortiGate unit and the destination of the
packets. If the packets that the FortiGate unit sends are larger than the smallest MTU,
they are broken up or fragmented, which slows down transmission. Experiment by
lowering the MTU to find an MTU size for optimum network performance.