Chapter 2 Getting Started : Installation : Installing a FortiGate in NAT/Route Mode : Selecting an Internal Switch mode : Switch mode vs Interface mode
  
Switch mode vs Interface mode
In Switch mode, all of the internal interfaces are part of the same subnet and treated as a single interface, which is called either lan or internal by default, depending on the FortiGate model. Switch mode is commonly used in settings where the network layout is fairly basic, with most users being on the same subnet.
In Interface mode, the physical interfaces of the FortiGate unit are configured and handled individually, with each interface having its own IP address. Interfaces can be logically or virtually combined by configuring them as part of either hardware or software switches (for more information, see “Hardware Switches vs Software Switches”), which allow multiple interfaces to be treated as a single interface. FortiGate units that are in Interface mode by default start with a hardware switch called either lan or internal, depending on the FortiGate model. This mode is designed for complex networks where different subnets are used to compartmentalize the network traffic.
The default mode that a FortiGate starts in varies depending on the model. Switch mode has been the most common factory default setting; however, the number of models that have Interface mode as their default setting is increasing.
In order to determine which mode your FortiGate unit is in, go to System > Network > Interfaces. Locate the interface called either lan or internal, which all FortiGate units have be default. If the interface is listed as a physical interface in the Type column, then your FortiGate is in Switch mode. If the interface is a hardware switch, then your FortiGate is in Interface mode.
You can also determine what mode your FortiGate is by going to System > Dashboard > Status and enter either of the following commands into the CLI Console: config system global show. In the output that is displayed after you hit the Enter key, find the line that begins with set internal-switch-mode. This will tell you which mode your FortiGate is currently in.
If you need to change the mode your FortiGate unit is in, go to System > Dashboard > Status and enter either of the following commands into the CLI Console:
 
Before switching modes, you must make sure that none of the physical ports that make up the lan or internal interface are referenced in the FortiGate configuration.
1. Command to change the FortiGate to Switch mode:
config system global
set internal-switch-mode switch
end
2. Command to change the FortiGate to Interface modeHub mode:
config system global
set internal-switch-mode interface
end
 
There is a third mode, called Hub mode, that is available on some FortiGate models. Hub mode is similar to Switch mode, except the network device that it is emulating is a Layer 2 device instead of Layer 3. In Hub mode, he interfaces do not learn the MAC addresses of the devices on the network they are connected to and may also respond quicker to network changes in some circumstances.
You should only select Hub mode if you are having network performance issues when operating with Switch mode. The configuration of the FortiGate unit is the same whether in Switch mode or Hub mode.