FortiGate
lgupta
Staff
Article Id 270600
Description

 

This article describes the configuration requirements on FortiGate to connect the FortiSwitch to FortiGate's physical interface and manage it.

 

Scope

 

FortiGate.

 

Solution

Any interface can be used for the FortiLink connection, not just the default interface in a new configuration.

In order to use an arbitrary interface for FortiLink, follow these steps:

 

  1. Create a new interface, set the type to '802.3ad Aggregate' and add the physical interface(s) as members.



 

 

  2. Assign an IP and subnet to this interface. It should not be a /32, as an IP is needed on each switch for management. Save the changes.
  3. In order to make this a FortiLink interface, a CLI change is needed. Edit the new interface, and select 'Edit in CLI'.
    Run 'set fortilink enable', and ensure the configuration is similar to the one seen below:

 

config system interface
    edit "LAG-Interface"
        set ip 10.255.2.1 255.255.255.0   <----- IP Assigned with /24.
        set fortilink enable   <----- FortiLink is enabled.
        set allowaccess ping fabric
        set type aggregate
        set member "internal1"   <----- Internal1 is a member of this aggregate interface.
    end

Once done, ensure the changes are saved by running 'end' in the open CLI window. It is now safe to close the CLI window.

 

  4. Once FortiLink has been enabled in the above step, multiple VLAN interfaces are automatically created under LAG-interface. Do not delete these.
  5. Make sure that DHCP is enabled for the 'LAG-interface'. The FortiSwitch obtains its IP address from this scope, and this address is used specifically for management of the FortiSwitch.
  6. Select Advanced under DHCP settings and select LOCAL for NTP Server.

LAG-interface settings

 

  7. Ensure that the new interface is selected to listen for NTP under System -> Settings.



  8. Now, connect the FortiSwitch to the physical interface chosen (internal1 here) as a member of the LAG-interface.
  9. Wait around 2 minutes and the FortiSwitch will be visible in Managed FortiSwitches. To authorize the device, go to Wireless and Switch Controller -> Managed FortiSwitches, right-click the FortiSwitch, and select Authorize.
  10. Wait for 5-10 minutes and confirm that the device comes online.

After Authorizing the FortiSwitch

 

  11. If the FortiSwitch is still showing as offline, reboot the FortiSwitch and monitor.
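
A pre-flight check for the interface stanza from the CLI step above, run against saved 'show system interface' output before a switch is connected. This is an added example, not Fortinet code; the function names and the sample text are constructed here, and the checks are only the ones this procedure states (aggregate type, a member, an IP that is not /32, FortiLink enabled).

```python
import ipaddress

# Constructed sample modelled on the stanza shown in the article.
SAMPLE = """\
config system interface
    edit "LAG-Interface"
        set ip 10.255.2.1 255.255.255.0
        set fortilink enable
        set allowaccess ping fabric
        set type aggregate
        set member "internal1"
end
"""

def parse_interfaces(text):
    """Map each interface name to its {setting: [values]} from 'show' output."""
    interfaces, current, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.split("<-----")[0].strip()  # drop article-style annotations
        if line.startswith("config ") and current is not None:
            depth += 1                          # nested table inside an interface
        elif line == "end" and depth:
            depth -= 1
        elif depth:
            continue                            # ignore settings of nested tables
        elif line.startswith("edit "):
            current = interfaces.setdefault(line[5:].strip().strip('"'), {})
        elif line in ("next", "end"):
            current = None
        elif current is not None and line.startswith("set "):
            key, *values = line.split()[1:]
            current[key] = [v.strip('"') for v in values]
    return interfaces

def fortilink_findings(settings):
    """Return the prerequisites from the procedure that this interface fails."""
    findings = []
    if settings.get("fortilink") != ["enable"]:
        findings.append("fortilink is not enabled")
    if settings.get("type") != ["aggregate"]:
        findings.append("type is not aggregate")
    if not settings.get("member"):
        findings.append("no member interface")
    ip = settings.get("ip", ["0.0.0.0", "0.0.0.0"])
    if ip[0] == "0.0.0.0":
        findings.append("no IP address assigned")
    elif ipaddress.ip_network("/".join(ip), strict=False).prefixlen == 32:
        findings.append("subnet is /32, no addresses left for switches")
    return findings
```

An empty list from fortilink_findings() means the stanza meets the prerequisites listed above; DHCP and NTP settings from the later steps are not covered by this check.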

 

Related article:

Troubleshooting Tip: Fix FortiSwitch showing with the 'Offline' status