What are interface roles and aliases used for on FortiGates?

Newcomers to FortiGate technology may have noticed a couple recurring items in the admin console UI: Alias and Role. What are these? Why are they helpful? In short, they help reduce errors (misconfiguration).

An interface role helps define what function/purpose a given network interface will have. For example: is there a common/valid reason for a firewall to function as a DHCP server over a WAN interface? I'd argue probably not (at least not as a common use case). So when an interface has this selected role in the FortiGate admin console, there's no UI settings for functioning as a DHCP server. It removes the clutter and reduces possibility of error.

Interface role options in the FortiGate admin console include:

• LAN
• WAN
• DMZ
• Undefined

Again, the primary goal here is to avoid accidental misconfiguration. That said, there's also edge case scenarios. For power users that need it, "undefined" is a role type that will essentially show all options.

Aliases are just friendly names for interfaces. They're very helpful because they allow admins to quickly understand the purpose of a port while in other sections of the UI. For example, an admin might not necessarily remember that port 5 is their primary Internet circuit connection, but having a friendly designation of "Main_Internet(Port5)" show up on various configuration pages makes things more clear 😄.