Skip to main content
MartinWong
MartinWong
New Member
September 16, 2025
Question

FortiGate manage FortiSwitch by FortiLink over Layer3 Core Switch (Non-FortiSwitch)

  • September 16, 2025
  • 4 replies
  • 815 views

I'm trying to set up a network environment where a FortiGate centrally manages a FortiSwitch. In the existing environment, all endpoint devices are assigned to different VLANs (such as 101, 201, 301, etc.), and all endpoint device IP gateways are configured on the core switch.

 

After successfully creating the FortiLink over a Layer 3 network to manage the FortiSwitch—following the reference link and documentation—I am able to manage and assign VLANs to the FortiSwitch from the FortiGate. However, I found that user traffic and DHCP assignment are also failing on the FortiSwitch. It seems the FortiSwitch cannot receive or forward any Layer 2 or Layer 3 traffic to the core switch.

 

Please advise if there is any misconfiguration or if you have any suggestions. Thank you very much!

 

Current Network Environment/HLD:

Internal Firewall (FortiGate) <-> Layer3 Core Switch (Cisco, H3C, Juniper, etc) <-> Access Switch (FortiSwitch) <-> User/Endpoint Devices

 

Refer by below reference document and link:

https://community.fortinet.com/t5/FortiSwitch/Technical-Tip-FortiLink-over-Layer-3-Fortiswitch/ta-p/268167

https://docs.fortinet.com/document/fortiswitch/7.6.4/fortilink-guide/801182/fortilink-mode-over-a-layer-3-network

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/f95debc4-9eb4-11ee-8673-fa163e15d75b/FortiSwitchOS-7.4.2-FortiLink_Guide_%28FortiOS_7.4.2%29.pdf

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/8b301f7c-7eb5-11f0-9bfd-6af4c3636dc7/FortiSwitchOS-7.6.4-FortiLink_Guide_%28FortiOS_7.6.4%29.pdf

https://www.youtube.com/watch?v=NYiL95nINv0

4 replies

Stephen_G
Moderator
Stephen_G
Moderator
September 18, 2025

Hello MartinWong,

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Thanks,

Stephen_G - Fortinet Community Team
Stephen_G
Moderator
Stephen_G
Moderator
September 22, 2025

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

 

Thanks,

Stephen_G - Fortinet Community Team
    HarryTran
    Staff
    HarryTran
    Staff
    September 22, 2025

    Not sure how your network structure is, it seems to hit the limitation of "FortiLink mode over a layer-3 network": No layer-2 data path component, such as VLANs, can span across layer 3 between the FortiGate unit and the FortiSwitch unit.

    MartinWong
    MartinWongAuthor
    New Member
    September 26, 2025

    Hi Harry and Stephen,

     

    Thank you for your support. However, in my lab environment, there is currently one core switch and one FortiSwitch for testing. The core switch is configured with all the user VLAN subnet gateways and the DHCP relay. Therefore, I believe there should not be any need for a Layer 2 data path to span across the Layer 3 network to the FortiGate. In my lab results, I also found that there is no Layer 2 communication between the core switch and the FortiSwitch.

     

    Thank you

     

    Martin

     

    Terms & ConditionsAccessibility statement