lfernando
Staff
Article Id 385127
Description This article describes the process of integrating FortiSwitch and FortiAP with FortiGate. 
Scope FortiGate.
Solution

To integrate FortiSwitch and FortiAP with FortiOS on a FortiGate, enable the 'WiFi & Switch Controller' feature in the Feature Visibility settings.

 

Scenario: [screenshot]

 

Verify that these features are enabled and that all cable connections are ready.

 

Edit the FortiLink interface.
 

Choose port members.

  

Wait a few minutes for the ports to turn green.
 

Manage the FortiSwitches.

 

Use the following command to validate the setup:

 

diagnose switch-controller switch-info lldp neighbors-summary

 

To manage a FortiAP, create VLAN 2 for management.

Go to 'WiFi & Switch Controller', then go to FortiSwitch VLANs and create it.
 

Right-click a port on the switch and assign it to the required VLAN.
 

Connect the FortiAPs in Managed FortiAPs.

 

Check that the Security Fabric connector is enabled. This is important for CAPWAP communication between FortiAP and FortiGate.

 

Authorize the FortiAPs.

 

 

Validating profiles: [screenshot]

 

Finally, FortiSwitch and FortiAP will be integrated and managed by the FortiGate.

Disconnections sometimes occur due to UPS interruptions or on-site electrical power issues. Use the following command to determine whether these devices experienced any disruptions:

 

diagnose debug crashlog read

 


Note: Make sure that NTP is set to local in the DHCP settings of both the FortiLink interface and the VLAN used for FortiAP.
 
Note: How to recover management of FortiSwitches after a firmware upgrade on the FortiGate or similar:
 
When a FortiGate is migrated to the latest firmware version, it unfortunately loses management of the fabric. This means that any FortiLink goes down and devices show as inaccessible. 
 

Run the following command to validate the connectivity for devices:
 
FGT# execute switch-controller get-conn-status <Serial Number from FortiSwitch>

After confirmation, check the FortiLink interface and re-enable the Security Fabric Connection. Synchronization will be restored.
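
The GUI steps above, including the NTP note and the Security Fabric Connection re-enable step, expressed as FortiOS CLI configuration. This is an added example, not taken from the original article. The port names, the "ap-mgmt" interface name, the IP address and the DHCP server IDs are assumptions, the serial numbers are placeholders, and the two DHCP servers are assumed to exist already. Lines starting with # are annotations.

```fortios
# Constructed example: port, VLAN-interface and address values are placeholders.
config system interface
    edit "fortilink"
        set fortilink enable
        set member "port9" "port10"
        # "fabric" is the Security Fabric Connection (needed for CAPWAP);
        # enable it only on the FortiLink and AP management interfaces.
        set allowaccess ping fabric
    next
    edit "ap-mgmt"
        set vdom "root"
        set interface "fortilink"
        set vlanid 2
        set ip 10.255.2.1 255.255.255.0
        set allowaccess ping fabric
    next
end
# NTP set to local on the DHCP servers of both interfaces (IDs assumed).
config system dhcp server
    edit 1
        set interface "fortilink"
        set ntp-service local
    next
    edit 2
        set interface "ap-mgmt"
        set ntp-service local
    next
end
# Authorize the FortiSwitch and put the AP-facing port in VLAN 2.
config switch-controller managed-switch
    edit "<FortiSwitch-serial>"
        set fsw-wan1-admin enable
        config ports
            edit "port5"
                set vlan "ap-mgmt"
            next
        end
    next
end
# Authorize the FortiAP.
config wireless-controller wtp
    edit "<FortiAP-serial>"
        set admin enable
    next
end
```

After a firmware upgrade, running 'show system interface fortilink' and checking that 'fabric' is still listed under allowaccess confirms whether the Security Fabric Connection needs to be re-enabled.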
 
