Monday 25 February 2019

Deleting the default "internal" virtual switch on factory-default entry-level FortiGates

Entry-level FortiGates usually have all the physical LAN interfaces wired into a single switch chip, and the factory-default configuration on these units defines a single virtual switch called "internal" which bridges all the LAN interfaces. The "internal" interface is then configured with a static IP address, a DHCP server and an IPv4 firewall policy which allows and applies source-NAT to all traffic coming in on the "internal" interface and going out the "wan" or "wan1" interface.

This configuration is fine for very simple deployments, but all of the smaller FortiGates that I've set up for my current employer have required splitting up the LAN interfaces into multiple virtual switches or multiple routed interfaces. The FortiGates won't let you delete a logical object in the configuration if that object is referenced anywhere else, so before you can delete the default virtual "internal" switch you need to delete the default IPv4 policy and the default DHCP server, since both of those reference the "internal" interface.

Below is a quick summary of the commands to do this through the CLI on a factory-default unit. This will irreversibly delete all IPv4 firewall policies and all DHCP server configuration, so obviously you wouldn't want to do this on a production device, only on one with a factory-default configuration.

config firewall policy
    purge
end

config system dhcp server
    purge
end

config system virtual-switch
    purge
end


Basically this enters the IPv4 policy configuration context and deletes everything, enters the DHCP server configuration context and deletes everything, and finally enters the virtual switch configuration context and deletes everything. Each purge asks for confirmation, and the following end commits the change. Once again, do not do this on a production device.
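The same procedure with a check before and after each purge, as an added example that is not from the original post. It uses standard FortiOS show/get commands; the interface names assume a factory-default unit with the "internal" virtual switch described above.

```text
# Added example (not from the original post). Inspect the objects that reference
# the "internal" switch before purging, then confirm the tables are empty afterwards.
# Assumes a factory-default entry-level FortiGate with the "internal" virtual switch.

show firewall policy           # default policy: srcintf "internal", dstintf "wan"/"wan1"
show system dhcp server        # default DHCP server bound to interface "internal"
show system virtual-switch     # the "internal" switch and its member ports

config firewall policy
    purge                      # answer 'y' at the confirmation prompt
end
config system dhcp server
    purge
end
config system virtual-switch
    purge
end

show firewall policy           # each table should now show an empty config block
show system dhcp server
show system virtual-switch
get system interface physical  # the former member ports now appear as standalone physical interfaces
```

Because the last purge removes the "internal" interface together with its IP address, any management session that came in through a member port of that switch is cut off at that point; run the sequence from the console port, or from an interface that is not part of the switch, so you keep access while the new interfaces are being configured.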