Skip to main content
Tezro
Tezro
New Member
January 14, 2021
Question

Fortilink (switch - fortigate) over media converter not working ...

  • January 14, 2021
  • 4 replies
  • 15739 views

Hello,   The issue is: why Fortilink cannot be established over a media converter ? What are the limitations ...? Vendors of ""proper"" media-converters ??? I thought that media converter is only a dump converter: from electric signals to optical -so it does not introduce anything in the traffic -> ergo it completely transparent and FolrtiLink shoul (!) works   What about config like this Of course : -FG is configured for FortLink on the port that is connected to the media-converter -SFP are proper for the fiber : SFP SM for SM fiber type -Link on BOTH sides are UP and blinking... [F-Gate UTP] <--Cat 5e copper --> [ UTP  MediaConverter  SFP] <--Fiber --> [SFP  FortiSwitch]   any magic command from CLI (again...!) on Fgate or Fswitch ?????   UPDATE: the SAME Fortinet SFP module plugged from switch to Fluke Analyzer and connected via media-converter to normal  (non-fortilink) port in FGate  works from the first kick ...   WTH ?!?!?!?   THA   Tezro

    4 replies

    bmduncan34
    bmduncan34
    New Member
    January 14, 2021

    Why can't you just do all fibre or all copper between the gate and the switch?

    Tezro
    TezroAuthor
    New Member
    January 14, 2021

    I'd love to, really! but ....

    I have a couple of installations where FG-80x is to big (mostly 50x 60x) ... and this is a lowest model with SFP additionally pre-configured as WAN.

    I know, I can change this to different port but still

    Fortilink over third party devices (switches, wifi-bridges) is not straight-forward solution

     

    brycemd
    brycemd
    New Member
    January 14, 2021

    So, the connection in general works as a normal interface, but it's not activating fortilink?

     

    There's really only a handful of things needed for fortilink... Make sure DHCP server is on the interface, make sure NTP is listening, and make sure the port on the switch has the isl profile applied so it actually attempts to negotiate fortilink. The isl profile isn't always enabled on all ports on the switch, but I would expect it to be enabled on sfps by default.

     

    There are typically 2 lldp profiles on the switch, one labeled default and one labeled default-auto-isl. Only the ports that have the default-auto-isl will have fortilink enabled.

    SBarr
    SBarr
    New Member
    June 16, 2023

    After finding this topic while having the exact same issue, I saw the response by PYY and looked further into it.  After ordering converters that specifically supported VLAN traffic, it's working perfectly. I was using converters from 10Gtek and they were not working.  I switched to a converter by AD-net and it worked right away, just like using a regular ethernet cable.

    BreakerBoy
    BreakerBoy
    New Member
    October 12, 2023

    Which model of AD-net worked? I have AD-net as well, states that it works with vlans, but it does not work. Specifically, it's this model - https://www.amazon.com/Multimode-Gigabit-Fiber-Converter-Built/dp/B07DWXXTT9.

    Faiza_Emam_Delhi
    Faiza_Emam_Delhi
    Visitor III
    June 16, 2023

    Hello

     

    FortiLink is a proprietary protocol that is used by Fortinet to establish a secure link between FortiGate and FortiSwitch devices. It's designed to work over Ethernet cables or fiber optic cables, and it's not recommended to use media converters between the devices.

     

    Media converters are designed to convert signals from one media type to another, such as from copper to fiber optic or vice versa. While media converters are transparent to the traffic passing through them, they can introduce latency, jitter, and other issues that can cause problems with FortiLink.

     

    Additionally, Fortinet recommends using Fortinet-branded SFP modules in both FortiGate and FortiSwitch devices to ensure optimal performance and compatibility. Using third-party SFP modules can cause issues with FortiLink and other Fortinet features.

     

    If you need to connect FortiGate and FortiSwitch devices over a long distance, it's recommended to use fiber optic cables and repeaters instead of media converters. Fortinet also offers a range of network switches that are designed to work seamlessly with FortiGate devices, such as the FortiSwitch series.

     

    Regarding your updated information, it's possible that the FortiLink protocol is not properly configured on the FortiGate or FortiSwitch devices. You may need to verify the configuration settings on both devices and ensure that the FortiLink protocol is enabled and configured correctly.

     

    I hope this helps! Let me know if you have any further questions.

      BostonBruno
      BostonBruno
      New Member
      June 27, 2023

      I'm facing an issue with establishing Fortilink over a media converter, and I'm seeking some insights from fellow community members. Despite the assumption that a media converter simply converts electrical signals to optical signals without introducing any changes to the traffic, I am unable to establish a successful Fortilink connection. I have ensured that the FortiGate (FG) is configured for Fortilink on the port connected to the media converter, and both ends of the link are UP and blinking. However, for some reason, the Fortilink connection does not work as expected.

      Terms & ConditionsAccessibility statement