Creating an interface
To create an interface:
- Go to Network > Interfaces.
- From +Create New, select Interface.
The New Interface window opens.
- Enter the following information:
Name
Name of the interface.
Alias
Enter an alternate name for a physical interface on the FortiPAM device. This field appears when you edit an existing interface. The alias does not appear in logs.
The maximum length of the alias is 25 characters.
Type
From the dropdown, select a configuration type:
802.3ad Aggregate
Redundant Interface
VLAN (default)
VLAN protocol
Select either 802.1Q or 802.1AD.
Note: The field is available when Type is set to VLAN.
Interface
Select the name of the physical interface that you want to add a VLAN interface to. Once created, the VLAN interface is listed below its physical interface in the Interface list.
You cannot change the physical interface of a VLAN interface.
Use the search bar to look for an interface.
Use the pen icon next to an interface to edit the interface.
Note: The field is available when Type is set to VLAN.
VLAN ID
Enter the VLAN ID. The VLAN ID can be any number between 1 and 4094 and must match the VLAN ID added by the IEEE 802.1Q-compliant router or switch that is connected to the VLAN subinterface.
The VLAN ID can be edited after the interface is added.
Note: The field is available when Type is set to VLAN.
Interface members
Select members for some interface types.
Note: The field is available when Type is set to 802.3ad Aggregate or Redundant Interface.
Role
Set the role setting for the interface. Different settings will be shown or hidden when editing an interface depending on the role:
LAN: Used to connected to a local network of endpoints. It is default role for new interfaces.
WAN: Used to connected to the internet. When WAN is selected, the Estimated bandwidth setting is available, and Create address object matching subnet is not available.
DMZ: Used to connected to the DMZ.
Undefined: The interface has no specific role. When selected, Create address object matching subnet is not available.
Estimated bandwidth
The estimated WAN bandwidth, in kbps (upstream and downstream).
The values can be entered manually, or saved from a speed test executed on the interface. These values are used to estimate WAN usage.
Note: The option is only available when the Role is set as WAN.
Address
Addressing mode
Select the addressing mode for the interface.
Manual: Add an IP address and netmask for the interface.
DHCP: Get the interface IP address and other network settings from a DHCP server.
IP/Netmask
If Addressing mode is set to Manual, enter an IPv4 address and subnet mask for the interface.
FortiPAM interfaces cannot have IP addresses on the same subnet.
Note: The option is only available when the Addressing mode is Manual.
Retrieve default gateway from server
Enable to retrieve the default gateway from the server.
The default gateway is added to the static routing table.
Note: The option is enabled by default.
Note: The option is only available when the Addressing mode is DHCP.
Distance
Enter the administrative distance for the default gateway retrieved from the DHCP server (default = 5, 1 - 255).
Distance specifies the relative priority of a route when there are multiple routes to the same destination. A lower administrative distance indicates a more preferred route.
Note: The option is only available when Retrieve default gateway from server is enabled.
Override internal DNS
Enable to use the DNS addresses retrieved from the DHCP server instead of the DNS server IP addresses on the DNS page.
Note: The option is enabled by default.
Note: The option is only available when the Addressing mode is DHCP.
Create address object matching subnet
Enable to automatically create an address object that matches the interface subnet.
Note: The option is enabled by default.
Note: The option is available when Role is set to LAN or DMZ.
Secondary IP address
Add additional IPv4 addresses to this interface.
Note: The option is disabled by default.
Note: The option is only available when the Addressing mode is Manual.
Administrative Access
IPv4
Select the types of administrative access permitted for IPv4 connections to this interface.
Miscellaneous
Comments
Optionally, enter comments about the source interface.
Status
Enable/disable the source interface.
- Click OK.