FortiGate Interfaces

Interfaces are connectivity medium of any network device, traffic enters from one interface and leaving the other interface.

Interfaces enable traffic to flow to and from the internal network, and the Internet and between internal networks.

Interface through which traffic is entering is referred as INGRESS Interface and trough which traffic would exit is EGRESS Interface.

Types of Interfaces

 Physical interfaces
 VLAN sub-interfaces
 Redundant interfaces
 Aggregate interfaces
Physical Interface
Interfaces that are physically mounted in the box like RJ45 interface.

Depending upon the model FortiGate units have a number of physical ports where you connect Ethernet or optical cables.

FortiGate 2000E physical interfaces (ports)

FortiGate 2000E interfaces on dashboard

By default physical interface is in enabled state.

Main properties of physical interface are duplex, speed, MAC and MTU.

By default, the physical interface uses the burned-in MAC address, and all sub-interfaces of a physical interface use the same burned-in MAC address.

The MTU is the maximum datagram size that is sent on a connection. Data that is larger than the MTU value is fragmented before being sent. The
default MTU is 1500 bytes in a block for Ethernet interfaces.

Virtual interfaces associated with a physical interface inherit the physical interface MTU size.

By default the LAN ports on desktop models are switch ports. They are represented as just one interface because all belong to the same broadcast
domain same subnet. If you want to use more ports you have to change the port mode from 'switch' to 'interface'. You can do so in the
Network>Interface section. Beware that all configuration related to the 'internal' port need to be removed before you are allowed to switch the mode.
 Secondary IP addresses to an interface

If an interface is configured with a manual or static IP address, you

can also add secondary static IP addresses to the interface.
Secondary IP addresses cannot be assigned using DCHP.

All of the IP addresses added to an interface are associated with the single MAC address of the physical interface

To configure a secondary IP, go to System > Network > Interface

Select Edit or Create New and select the Secondary IP Address check box.

Use case for using the secondary IP could be like for any reason you need to change the IP schema of subnet associated with interface then you can
configure the secondary IP first to interface, access the FortiGate and then remove existing IP.