Sunday, March 2, 2025

Change the VLAN ID in a FortiGate Interface

Here's a short guide to changing the VLAN ID of an interface on a FortiGate firewall. I tried changing the VLAN ID (565 > 555) from the CLI first, but received the error below, so I used the web GUI instead.


FW01_PRI (inet) # config system interface

FW01_PRI (interface) # edit "po1.565"

FW01_PRI (po1.565) # show
config system interface
    edit "po1.565"
        set vdom "inet"
        set ip 172.x.x.x 255.255.255.248
        set allowaccess ping
        set alias "inside-inet"
        set device-identification enable
        set role lan
        set snmp-index 151
        set interface "po1"
        set vlanid 565
    next
end

FW01_PRI (po1.565) # set vlanid 555

FW01_PRI (po1.565) # end
VLAN ID, VLAN protocol, or physical interface cannot be changed once a VLAN has been created.
object set operator error, -522 discard the setting
Command fail. Return code -522


To change the VLAN ID from the GUI, go to Network > Interfaces, select the interface, then click VLAN ID > Edit.

Type the new VLAN ID and click Next.

Review the settings and click Update.

Click OK to proceed.

The new VLAN ID was reflected afterwards. This works for a new interface or config, where nothing else (firewall policies, routes, VPN tunnels) references the interface yet.

I tried changing the interface VLAN ID (90 > 100) of a production FortiGate with Firewall Policies and VPN tunnel dependencies but got a "Failed" status. 

To update the VLAN ID of an interface that already has dependencies, back up the configuration file (without an encryption password, so it can be edited as plain text), change the value of the "set vlanid" line inside that interface's entry under "config system interface" with a text editor such as Notepad, then restore the edited file on the FortiGate. Leave the entry name unchanged (here "po1.565"): firewall policies and VPN settings reference the interface by name, so keeping the name is what lets them survive the change; the name no longer matching the VLAN number is cosmetic. Diff the edited file against the original before restoring to be sure that only the one line changed, and perform the restore in a maintenance window, since restoring a configuration reboots the FortiGate.
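The following is an added example, my own script rather than anything from the original post or from Fortinet, that makes the same edit on a config backup in a checked way: it rewrites only the "set vlanid" line of the chosen entry under "config system interface", refuses the change if the new VLAN ID is already used by another VLAN on the same parent interface (FortiOS does not allow duplicate VLAN IDs on one parent, so this catches a restore that would fail), and lists the other lines of the backup that reference the interface name, which are the dependencies that made the GUI change fail. It assumes a plain-text (unencrypted) backup; the sample configuration embedded below is constructed for the example, with made-up names and addresses.

```python
"""Rewrite one VLAN sub-interface's VLAN ID inside a FortiGate config backup.
Added example, not code from the original post: it does the Notepad edit the
post describes in a checked way (only the `set vlanid` line of the chosen entry
in `config system interface` changes, after confirming the ID is unused on the
same parent) and lists the other lines that reference the interface name.
SAMPLE_CONFIG is constructed for the example; names and addresses are made up.
"""
import re

SAMPLE_CONFIG = """\
config system interface
    edit "po1.565"
        set vdom "inet"
        set ip 172.16.10.1 255.255.255.248
        set interface "po1"
        set vlanid 565
    next
    edit "po1.600"
        set interface "po1"
        set vlanid 600
    next
end
config firewall policy
    edit 1
        set srcintf "po1.565"
        set dstintf "po1.600"
        set action accept
    next
end
"""

def _walk_interfaces(config):
    """Yield (line_index, name, stripped_line) for top-level lines of each entry
    in `config system interface`; nested `config ... end` blocks are skipped."""
    in_section, current, depth = False, None, 0
    for idx, line in enumerate(config.splitlines()):
        s = line.strip()
        if not in_section:
            in_section = s == "config system interface"
        elif s.startswith("config "):
            depth += 1
        elif s == "end":
            if depth == 0:
                return                      # end of `config system interface`
            depth -= 1
        elif depth == 0:
            m = re.match(r'edit "([^"]+)"$', s)
            if m:
                current = m.group(1)
            elif s == "next":
                current = None
            if current is not None:
                yield idx, current, s

def parse_interfaces(config):
    """Return {name: {setting: value}} for every interface entry."""
    interfaces = {}
    for _, name, s in _walk_interfaces(config):
        entry = interfaces.setdefault(name, {})
        m = re.match(r"set (\S+) (.+)$", s)
        if m:
            entry[m.group(1)] = m.group(2).strip('"')
    return interfaces

def find_references(config, name):
    """1-based line numbers outside `config system interface` that mention the
    interface by name: the policy, route, VPN or zone dependencies to review."""
    refs, in_section, depth, needle = [], False, 0, f'"{name}"'
    for n, line in enumerate(config.splitlines(), start=1):
        s = line.strip()
        if s == "config system interface":
            in_section, depth = True, 0
        elif in_section:
            if s.startswith("config "):
                depth += 1
            elif s == "end":
                in_section, depth = depth > 0, max(depth - 1, 0)
        elif needle in s:
            refs.append(n)
    return refs

def change_vlanid(config, name, new_vlanid):
    """Return `config` with the VLAN ID of `name` rewritten; raise ValueError if
    the interface is missing, is not a VLAN, or the ID is used on the same parent."""
    interfaces = parse_interfaces(config)
    entry = interfaces.get(name)
    if entry is None or "vlanid" not in entry or "interface" not in entry:
        raise ValueError(f"{name!r} is not a VLAN sub-interface in this config")
    for other, s in interfaces.items():
        if (other != name and s.get("interface") == entry["interface"]
                and s.get("vlanid") == str(new_vlanid)):
            raise ValueError(f"VLAN {new_vlanid} already used by {other!r}")
    targets = [i for i, n, s in _walk_interfaces(config) if n == name and s.startswith("set vlanid ")]
    if len(targets) != 1:
        raise ValueError(f"expected one vlanid line for {name!r}, got {len(targets)}")
    lines = config.splitlines(keepends=True)   # keep the file's own line endings
    i = targets[0]
    lines[i] = lines[i].replace(f"set vlanid {entry['vlanid']}", f"set vlanid {new_vlanid}")
    return "".join(lines)
```

Run find_references on the real backup first to see every policy, route or tunnel that references the interface, then diff the output of change_vlanid against the original before restoring: the interface keeps its name (po1.565 in the post), so those references remain valid, and the single "set vlanid" line is the only difference the diff should show.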


