Technical Tip: How to resolve the 'system/interface/fortilink/allowaccess : cannot change allowaccess if when fortilink is enabled' error in FortiGate/FortiManager

kumarh · ‎08-18-2024

Description

This article describes how to resolve the 'system/interface/fortilink/allowaccess : cannot change allowaccess if when fortilink is enabled' error in FortiGate/FortiManager.

If it is desired to add administrative access in FortiGate or via FortiManager, it can be possible to encounter the below error:

image (2).png

Scope

All FortiGate Firmware versions.

Solution

In the FortiLink interface, it is possible to allow administrative access. This error is expected behavior as FortiLink interfaces do not permit these changes.

To allow administrative access, it is necessary to enable it on the switch controller. This configuration will then be pushed to managed FortiSwitches via FortiLink.

For example, to allow SNMP or telnet, it is necessary to configure:

config switch-controller security-policy local-access

edit "{default | <policy_name>}"

set mgmt-allowaccess <options> snmp telnet

set internal-allowaccess <options> snmp telnet

next
end

Additionally, it is necessary to create a firewall policy allowing SNMP traffic between the SNMP server and the FSWs. Follow the guide below for detailed instructions:
Configuring SNMP