Yuri Slobodyanyuk Blog on Information Security, 12 September 2024
You can't set duplex/speed settings of the Fortigate interfaces?

Sometimes you can't set the duplex/speed settings of Fortigate interfaces. Important note: it depends on which interface you are trying to set!
On closer examination it turns out that you can't set duplex/speed on the 4-port switch interfaces only, i.e. the Internal interface of the Fortigate 60, 60M, 100A, 200A and FortiWiFi-60, and also the LAN interface of the 500A.

Tried on a FG100A running FortiOS v4.0, build0178, 090820 (MR1); on dmz2, which is not one of the switch ports, the options are still offered:

    FG100 (dmz2) # set speed
    100full    100M full-duplex
    100half    100M half-duplex
    10full     10M full-duplex
    10half     10M half-duplex
    auto       auto adjust speed

Working most of the time with Cisco gear, I (and others) am used to being able to set the duplex/speed parameters of physical interfaces as I like. This becomes a necessity when connecting Cisco to various equipment of differing quality. So it was a surprise to me when I ran into a layer 1/layer 2 connectivity problem between a Fortigate 200A and a Cisco router, tried to manually set duplex full / speed 100 on the Fortigate, and found out that it is impossible to do on that Fortigate. It was possible back in the days of FortiOS 2.80 (and early 3.0, I guess up until MR5):

# conf sys int
(interface)# edit internal
(internal)# set speed

    100full 100M full-duplex
    100half 100M half-duplex
    10full 10M full-duplex
    10half 10M half-duplex

But then Fortinet dropped this option, and the only (indirect) explanation found on their site is this memo: "Locked-down port policies (forcing speed, duplex, and link capabilities with auto-negotiation disabled) are outdated. Legacy and historical reasons for forced setup with auto-negotiation disabled date back many years when the technology was new..."

What we can still do is check the negotiated status of the link (this command also shows errors/collisions/MTU on the interface):

FG100 # diagnose hardware deviceinfo nic internal

    Description VIA VT6102 Rhine-II
    Part_Number N/A
    Driver_Name via-rhine
    Driver_Version 1.1.17
    PCI_Vendor 0x1106
    PCI_Device_ID 0x3065
    PCI_Subsystem_Vendor 0x3065
    PCI_Subsystem_ID 0x1106
    PCI_Revision_ID 0x74
    PCI_Address 0:12.0
    PCI_Bus_Type
    Memory 0x0000f400
    IRQ 11
    System_Device_Name internal
    Current_HWaddr 00:09:0f:30:32:11   # in an HA setup the primary member would show a different, virtual MAC address here
    Permanent_HWaddr 00:09:0f:30:32:11
    Link up
    Speed 100
    Duplex forced full
    FlowControl off
    State up(0x00001103)
    MTU_Size 1392
    Rx_Packets 89944267
    Tx_Packets 73437299
    Rx_Bytes 370540924
    Tx_Bytes 428118992
    Rx_Errors 0
    Tx_Errors 0
    Rx_Dropped 0
    Tx_Dropped 0
    Multicast 8810
    Collisions 0
    Rx_Length_Errors 0
    Rx_Over_Errors -0
    Rx_CRC_Errors 0
    Rx_Frame_Errors 0
    Rx_FIFO_Errors 0
    Rx_Missed_Errors 0
    Tx_Aborted_Errors 0
    Tx_Carrier_Errors 0
    Tx_FIFO_Errors 0
    Tx_Heartbeat_Errors 0
    Tx_Window_Errors 0
    Tx_Single_Collision_Frames 0
    Tx_Multiple_Collision_Frames 0
    Rx_Frame_Too_Longs 0
    Rx_Symbol_Errors 0
    Rx_Control_Unknown_Opcodes 0
    Rx_Pause_Frames 0
    Tx_Pause_Frames 0
    Scatter_Gather OFF
    poll_intr_switch 0
    rx_tasklet_pkts 92505560
    xmit queue 0
    recv queue -64
    phy_id= 1/1
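Since the switch ports cannot be forced, the practical check is to read the negotiated state and the error counters out of that output and look for the classic duplex-mismatch signature: the half-duplex side counts collisions and late collisions (reported by the Linux network stack as Tx_Window_Errors), the full-duplex side counts CRC/frame errors. The script below is an added example, not code from the original post or from Fortinet; it parses the `diagnose hardware deviceinfo nic` format shown above and applies that heuristic. Both samples are constructed (the first is modelled on the FG100A output above, trimmed; the second is an invented half-duplex WAN port), and the counter names used are the ones visible in the output.

```python
"""Parse FortiOS `diagnose hardware deviceinfo nic <port>` output and flag
what a duplex/speed mismatch with the peer typically leaves behind."""

import re
from typing import Dict, List

# Constructed sample, modelled on the FG100A output in the post (trimmed).
HEALTHY_SAMPLE = """\
Description VIA VT6102 Rhine-II
Driver_Name via-rhine
System_Device_Name internal
Current_HWaddr 00:09:0f:30:32:11  # in an HA setup this would be the virtual MAC
Permanent_HWaddr 00:09:0f:30:32:11
Link up
Speed 100
Duplex forced full
FlowControl off
State up(0x00001103)
MTU_Size 1392
Rx_Errors 0
Tx_Errors 0
Collisions 0
Rx_Over_Errors -0
Rx_CRC_Errors 0
Rx_Frame_Errors 0
Tx_Window_Errors 0
Rx_Frame_Too_Longs 0
"""

# Constructed sample of the half-duplex side of a mismatch: the link is up,
# but collisions and late collisions (Tx_Window_Errors) keep growing.
MISMATCH_SAMPLE = """\
System_Device_Name wan1
Link up
Speed 100
Duplex half
Rx_Errors 0
Tx_Errors 87
Collisions 1523
Rx_CRC_Errors 0
Rx_Frame_Errors 0
Tx_Window_Errors 87
Rx_Frame_Too_Longs 0
"""

# Counters that grow on the full-duplex side of a mismatch: it never sees
# the peer's collisions, so it receives truncated or garbled frames.
FULL_SIDE_COUNTERS = ("Rx_CRC_Errors", "Rx_Frame_Errors", "Rx_Frame_Too_Longs")
# Counters that grow on the half-duplex side (late collisions are reported
# by the Linux network stack as tx_window_errors).
HALF_SIDE_COUNTERS = ("Collisions", "Tx_Window_Errors")


def parse_deviceinfo(text: str) -> Dict[str, str]:
    """Turn 'Key value...' lines into a dict. Trailing '#' comments and blank
    lines are dropped; a key with no value (e.g. PCI_Bus_Type) maps to ''."""
    info: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        info[key.rstrip("=")] = value.strip()
    return info


def counter(info: Dict[str, str], key: str) -> int:
    """Read a numeric counter, tolerating the '-0' the driver prints."""
    match = re.search(r"-?\d+", info.get(key, "0"))
    return abs(int(match.group())) if match else 0


def assess_link(info: Dict[str, str]) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings: List[str] = []
    if info.get("Link", "").lower() != "up":
        return ["link is not up"]
    duplex = info.get("Duplex", "").lower()
    if "half" in duplex:
        findings.append(f"negotiated half duplex at {info.get('Speed', '?')} Mb/s")
    for key in FULL_SIDE_COUNTERS + HALF_SIDE_COUNTERS:
        if counter(info, key):
            findings.append(f"{key}={counter(info, key)}")
    half_side = any(counter(info, k) for k in HALF_SIDE_COUNTERS)
    full_side = any(counter(info, k) for k in FULL_SIDE_COUNTERS)
    if ("half" in duplex and half_side) or ("full" in duplex and full_side):
        findings.append("duplex mismatch with the peer suspected")
    return findings


if __name__ == "__main__":
    for sample in (HEALTHY_SAMPLE, MISMATCH_SAMPLE):
        info = parse_deviceinfo(sample)
        print(info["System_Device_Name"], assess_link(info) or ["ok"])
```

Feed it the output of the command for each port after a connectivity complaint; a port that reports `Duplex half` together with non-zero `Collisions` or `Tx_Window_Errors` is the one to fix on the Cisco side (set the router port back to auto-negotiation), since the Fortigate switch ports cannot be forced to match.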

Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ so you don't miss what I publish on LinkedIn, Github, the blog and more.
