In previous versions of FortiOS, you can use the software switch feature to group independent interfaces into a single logical switch. In this virtual software switch, all of the interfaces share the same IP address and be connected to the same subnet and traffic would pass between them as if they were switch ports, with no firewall or other FortiGate features applied to the traffic. However, the virtual software switch feature just simulates a switch and, since the FortiGate CPU must process the switch traffic, performance can be affected if the FortiGate unit becomes busy processing a lot of traffic.

In FortiOS 5.0, for FortiGate models that have internal hardware switches, you can use the following command to group interfaces in the hardware switch into virtual hardware switches in which all traffic between the switch ports is processed on the switch itself and the FortiGate CPU is not involved resulting in improved performance.

Recent FortiGate models with internal hardware switches support this feature.

Use the following command to create a virtual hardware switch using ports p1, p2, p3, and p4: