I'm trying to get a software switch configuration working on a FortiGate 100D. It appears like devices plugged into the software switch ports can communicate between each other, but they cannot reach the IP configured for the software switch "interface" of the FortiGate on the same subnet. Conversely, the FortiGate command line cannot ping or reach the systems plugged into the soft switch.
Please note that the software switch was configured using instructions provided directly by the FortiGate documentation and support team. No indication was given in the documentation or by the support personnel that the feature would not work correctly during runtime when enabled. See below for the solution we came up with after over an hour of runtime troubleshooting with Fortinet support.
The reason for using the soft switch feature in this case is to have the CAPWAP Wi-Fi "interface" on the same subnet as some FortiGate wired clients.
I was seeking support from the ServerFault expert community to see if some other network engineer had seen this problem and found a solution. After the question was posted, we continued working the issue with Fortinet support and were able to find a solution. I would still consider this a valuable question for ServerFault since the device was not functioning according to the directions provided in the FortiGate documentation and by the Fortinet support team.
Just finished a call with Fortinet support; apparently this is one of those features that is not fully configured until after a full system reboot (at least for FortiOS 5.0). We rebooted the FortiGate and the configured soft switch interface IP was able to communicate with the attached subnet.
This appears to be a bug in FortiOS 5.0, since FortiGate features generally are activated instantly during runtime and the documentation and support team did not seem to have a record of this feature failing to work completely without a reboot.
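For readers reproducing the setup, here is the shape of the configuration the question and answer describe, as an added example that is not from the original post or from Fortinet's documentation. The switch name `lan-sw`, the member ports `port3` and `port4`, the address `192.168.10.1/24` and the test host `192.168.10.20` are all assumed for illustration.

```text
# Added example (assumed names and addresses): software switch "lan-sw"
# bridging port3 and port4, with the switch "interface" given an IP.
config system switch-interface
    edit "lan-sw"
        set type switch
        set member "port3" "port4"
    next
end

config system interface
    edit "lan-sw"
        set ip 192.168.10.1 255.255.255.0
        # The interface only answers pings if "ping" is in allowaccess;
        # check this before blaming the soft switch itself.
        set allowaccess ping https ssh
    next
end

# Verification from the FortiGate CLI, run after the reboot the answer
# describes: a host plugged into port3 or port4 should now respond.
execute ping 192.168.10.20
```

If the `execute ping` still fails after confirming `allowaccess` includes `ping` and the member ports are correct, the reboot described in the answer is the next step on FortiOS 5.0; running the same ping from the attached host toward the switch interface IP confirms both directions.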