Software switch
A software switch, or soft switch, is a virtual switch that's implemented at the software, or firmware level, rather than the hardware level. A software switch can be used to simplify communication between devices connected to different FortiGate interfaces. For example, using a software switch, you can place the FortiGate interface connected to an internal network on the same subnet as your wireless interfaces. Then, devices on the internal network can communicate with devices on the wireless network without any additional configuration such as additional security policies, on the FortiGate.
It can also be useful if you require more hardware ports for the switch on a FortiGate. For example, if your FortiGate device has a 4-port switch, WAN1, WAN2 and DMZ interfaces, and you need one more port, you can create a soft switch that can include the 4-port switch and the DMZ interface all on the same subnet. These types of applications also apply to wireless interfaces and virtual wireless interfaces and physical interfaces, such as those with FortiWiFi and FortiAP devices.
Similar to a hardware switch, a software switch functions like a single interface. A software switch has one IP address; all of the interfaces in the software switch are on the same subnet. Traffic between devices connected to each interface aren't regulated by security policies, and traffic passing in and out of the switch are affected by the same policy.
There are a few things to consider when setting up a software switch:
- Ensure you create a backup of the configuration.
- Ensure you have at least one port or connection such as the console port to connect to the FortiGate. If you accidentally combine too many ports, you will need a way to undo any errors.
- The ports that you include must not have any link or relation to any other aspect of the FortiGate. For example, DHCP servers, security policies, and so on.
- For increased security, you can create a captive portal for the switch, allowing only specific user groups access to the resources connected to the switch.
- To add an interface to a software switch, the interface can't be referenced by the existing configuration. It must also have its IP address set to 0.0.0.0/0.0.0.0.
To create a software switch – CLI
config system switch-interface
edit <switch-name>
set type switch
set member <interface_list>
next
end
config system interface
edit <switch_name>
set ip <ip_address>
set allowaccess https ssh ping
next
end
Copyright © 2022 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy
