Chapter 10 Install and System Administration for FortiOS 5.0 : Interfaces : Interface settings : Interface configuration and settings
  
Interface configuration and settings
To configure an interface, go to System > Network > Interface and select Create New.
Name
Enter a name for the interface. Physical interface names cannot be changed.
Alias
Enter an alternate name for a physical interface on the FortiGate unit. This field appears when editing an existing physical interface.
The alias can be a maximum of 25 characters. The alias name does not appear in logs.
Link Status
Indicates whether the interface is connected to a network (link status is Up) or not (link status is Down). This field appears when editing an existing physical interface.
Type
Select the type of interface that you want to add.
On some models you can set Type to 802.3ad Aggregate or Redundant Interface.
Interface
Displayed when Type is set to VLAN.
Select the name of the physical interface to which to add a VLAN interface. Once created, the VLAN interface is listed below its physical interface in the Interface list.
You cannot change the physical interface of a VLAN interface except when adding a new VLAN interface.
VLAN ID
Displayed when Type is set to VLAN.
Enter the VLAN ID. You cannot change the VLAN ID except when adding a new VLAN interface.
The VLAN ID can be any number between 1 and 4094 and must match the VLAN ID added by the IEEE 802.1Q-compliant router or switch connected to the VLAN subinterface.
Virtual Domain
Select the virtual domain to add the interface to.
Admin accounts with super_admin profile can change the Virtual Domain.
Physical Interface Members
This section has two different forms depending on the interface type:
Software switch interface - this section is a display-only field showing the interfaces that belong to the software switch virtual interface.
802.3ad aggregate or Redundant interface - this section includes available interface and selected interface lists to enable adding or removing interfaces from the interface. For more information, see Redundant interfaces.
Select interfaces from the Available Interfaces list and select the right arrow to add an interface to the Selected Interface list.
Addressing mode
Select the addressing mode for the interface.
Select Manual and add an IP/Netmask for the interface. If IPv6 configuration is enabled you can add both an IPv4 and an IPv6 IP address.
Select DHCP to get the interface IP address and other network settings from a DHCP server. For more information, see DHCP addressing mode on an interface.
Select PPPoE to get the interface IP address and other network settings from a PPPoE server. For more information, see PPPoE addressing mode on an interface.
Select One-Arm Sniffer to enable the interface as a means to detect possible traffic threats. This option is available on physical ports not configured for the primary Internet connection. For more information, see One-armed sniffer.
Select Dedicate to FortiAP/FortiSwitch to have a FortiAP unit or FortiSwitch unit connect exclusively to the interface. This option is only available when editing a physical interface, and the interface has a static IP address. When you enter the IP address, the FortiGate unit automatically creates a DHCP server using the subnet entered. This option is not available on the ADSL interface.
The FortiSwitch option is currently only available on the FortiGate-100D.
IP/Netmask
If Addressing Mode is set to Manual, enter an IPv4 address/subnet mask for the interface. FortiGate interfaces cannot have IP addresses on the same subnet.
IPv6 Address
If Addressing Mode is set to Manual and IPv6 support is enabled, enter an IPv6 address/subnet mask for the interface. A single interface can have both an IPv4 and IPv6 address or just one or the other.
Administrative Access
Select the types of administrative access permitted for IPv4 connections to this interface.
 
HTTPS
Allow secure HTTPS connections to the web‑based manager through this interface. If configured, this option is enabled automatically when you select the HTTP option. For information on this setting, see “HTTPS redirect”.
 
PING
Interface responds to pings. Use this setting to verify your installation and for testing.
 
HTTP
Allow HTTP connections to the web‑based manager through this interface. If configured, this option will also enable the HTTPS option. For information on this setting, see “HTTPS redirect”.
 
SSH
Allow SSH connections to the CLI through this interface.
 
SNMP
Allow a remote SNMP manager to request SNMP information by connecting to this interface.
 
TELNET
Allow Telnet connections to the CLI through this interface. Telnet connections are not secure and can be intercepted by a third party.
 
FMG-Access
Allow FortiManager authorization automatically during the communication exchange between the FortiManager and FortiGate units.
 
FCT-Access
You can configure a FortiGate interface as an interface that will accept FortiClient connections. When configured, the FortiGate unit sends broadcast messages that the FortiClient software running on an end-user PC listens for.
 
CAPWAP
Allows the FortiGate unit’s wireless controller to manage a wireless access point, such as a FortiAP unit.
IPv6 Administrative Access
Select the types of administrative access permitted for IPv6 connections to this interface. These types are the same as for Administrative Access.
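The Administrative Access and IPv6 Administrative Access selections can also be reviewed from a saved configuration. The following is an added example, not part of the Fortinet documentation: it parses a constructed "config system interface" excerpt and reports every interface that allows TELNET or HTTP administrative access. It assumes the CLI keywords allowaccess and ip6-allowaccess, which this page does not show.

```python
# Added example: lint a FortiOS interface config for cleartext admin access.
# SAMPLE is constructed for illustration; it is not taken from the page.
SAMPLE = """\
config system interface
    edit "wan1"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh
    next
    edit "internal"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https http telnet snmp
        config ipv6
            set ip6-allowaccess ping telnet
        end
    next
end
"""

# The page notes Telnet can be intercepted; HTTP is likewise unencrypted.
CLEARTEXT = {"telnet", "http"}
KEYS = {"allowaccess": "ipv4", "ip6-allowaccess": "ipv6"}  # assumed CLI keywords

def parse_admin_access(text):
    """Map interface name -> {"ipv4": set, "ipv6": set} of allowed protocols."""
    interfaces, current, depth = {}, None, 0
    for tokens in filter(None, map(str.split, text.splitlines())):
        word = tokens[0]
        if current is None:
            if word == "edit" and len(tokens) > 1:
                name = tokens[1].strip('"')
                current = interfaces.setdefault(name, {"ipv4": set(), "ipv6": set()})
                depth = 0
        elif word == "config":      # nested block inside this interface
            depth += 1
        elif word == "end":
            depth -= 1
        elif word == "next" and depth == 0:   # ignore "next" of nested entries
            current = None
        elif word == "set" and len(tokens) > 1 and tokens[1] in KEYS:
            current[KEYS[tokens[1]]] |= set(tokens[2:])
    return interfaces

def find_cleartext(text):
    """Return sorted (interface, family, protocol) tuples that need review."""
    return sorted(
        (name, family, proto)
        for name, families in parse_admin_access(text).items()
        for family, protos in families.items()
        for proto in protos & CLEARTEXT)
```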
Security Mode
Select a captive portal for the interface. When selected, you can define the portal message and look that the user sees when logging into the interface. You can also define one or more user groups that have access to the interface.
DHCP Server
Select to enable a DHCP server for the interface. For more information on configuring a DHCP server on the interface, see “DHCP servers and relays”.
Detect and Identify Devices
Select to enable the interface to be used with BYOD hardware such as iPhones. Define the device definitions by going to User & Device > Device.
Add New Devices to Vulnerability Scan List
This option appears when Detect and Identify Devices is enabled. When enabled, the FortiGate unit performs a network vulnerability scan of any devices detected or seen on the interface. The vulnerability scan occurs as configured, either on demand or as scheduled.
Broadcast Discovery Messages
Available when FCT-Access is enabled under Administrative Access. Select to have the FortiGate unit send broadcast messages that the FortiClient software running on an end-user PC listens for.
Once enabled, the FortiGate unit broadcasts a discovery message that includes the IP address of the interface and listening port number to the local network. All PCs running FortiClient on that network listen for this discovery message.
Enable Explicit Web Proxy
Available when enabling explicit proxy on the System Information Dashboard (System > Dashboard > Status).
This option is not available for a VLAN interface selection. Select to enable explicit web proxying on this interface. When enabled, this interface will be displayed on System > Network > Explicit Proxy under Listen on Interfaces and web traffic on this interface will be proxied according to the Web Proxy settings.
Enable STP
On FortiGate units with a switch interface in switch mode, this option is enabled by default. It enables the single instance MSTP spanning tree protocol.
Listen for RADIUS Accounting Messages
Select to use the interface as a listening port for RADIUS content.
Secondary IP Address
Add additional IPv4 addresses to this interface. Select the Expand Arrow to expand or hide the section.
Comments
Enter a description up to 63 characters to describe the interface.
Administrative Status
Select either Up (green arrow) or Down (red arrow) as the status of this interface.
Up indicates the interface is active and can accept network traffic.
Down indicates the interface is not active and cannot accept traffic.
Gi Gatekeeper (FortiOS Carrier only)
For FortiOS Carrier, enable Gi Gatekeeper to enable the Gi firewall as part of the anti-overbilling configuration. You must also configure Gi Gatekeeper Settings by going to System > Admin > Settings.