Sindre-FTNT
Staff
Description
This article describes how FortiOS 6.2 enables LLDP reception on WAN interfaces and prompts FortiGates to join the Security Fabric if the upstream FortiGate asks.

- If an interface's role is undefined, LLDP reception and transmission inherit settings from the VDOM.
- If an interface's role is WAN, LLDP reception is enabled.
- If an interface's role is LAN, LLDP transmission is enabled.


When FortiGate B's WAN interface detects that FortiGate A's LAN interface is immediately upstream (through the default gateway), and FortiGate A has Security Fabric enabled, FortiGate B shows a notification in the GUI asking to join the Security Fabric.


Solution
To configure LLDP reception and join a Security Fabric:

1) Go to Network -> Interfaces.
2) Configure an interface:

- If the interface's role is undefined, under Administrative Access, set Receive LLDP and Transmit LLDP to Use VDOM Setting.


Using the CLI:
#config system interface
    edit "port3"
        set lldp-reception vdom
        set lldp-transmission vdom
        set role undefined
        ...
    next
end

- If the interface's role is WAN, under Administrative Access, set Receive LLDP to Enable and Transmit LLDP to Use VDOM Setting.


Using the CLI:
#config system interface
    edit "wan1"
        set lldp-reception enable
        set lldp-transmission vdom
        set role wan
        ...
    next
end

- If the interface's role is LAN, under Administrative Access, set Receive LLDP to Use VDOM Setting and Transmit LLDP to Enable.



Using the CLI:
#config system interface
    edit "port2"
        set lldp-reception vdom
        set lldp-transmission enable
        set role lan
        ...
    next
end
A notification will be shown on FortiGate B.


Click Apply to save the settings.



Using the CLI:
#config system csf
    set status enable
    set upstream-ip 10.2.200.1
end
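
The following is an added example, not part of the original article or Fortinet's own tooling: a Python check that reads `config system interface` text from a configuration backup and reports interfaces whose LLDP settings differ from the role-based settings listed above. It assumes that a setting absent from the config is at its default (role undefined, LLDP options vdom); the function names and the sample config are constructed for illustration.

```python
import re

SETTINGS = ("lldp-reception", "lldp-transmission")
# Values this article gives per interface role, in SETTINGS order.
EXPECTED = {"undefined": ("vdom", "vdom"), "wan": ("enable", "vdom"), "lan": ("vdom", "enable")}

def parse_interfaces(config_text):
    """Return {interface: {setting: value}} from 'config system interface' text."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate a leading CLI prompt
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = interfaces.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and (s := re.match(r"set\s+(\S+)\s+(.+)$", line)):
            current[s.group(1)] = s.group(2).strip('"')
    return interfaces

def audit_lldp(config_text):
    """Return (interface, setting, found, expected) for each deviation."""
    findings = []
    for name, cfg in parse_interfaces(config_text).items():
        # Assumption: an absent setting is at its default (role undefined, LLDP vdom).
        # Roles the article does not cover (e.g. dmz) get an empty tuple: no check.
        want = EXPECTED.get(cfg.get("role", "undefined"), ())
        found = tuple(cfg.get(s, "vdom") for s in SETTINGS)
        for setting, have, exp in zip(SETTINGS, found, want):
            if have != exp:
                findings.append((name, setting, have, exp))
    return findings

# Constructed sample config (not from a real device).
SAMPLE = """config system interface
    edit "wan1"
        set lldp-reception disable
        set lldp-transmission enable
        set role wan
    next
    edit "port2"
        set lldp-transmission enable
        set role lan
    next
end
"""

if __name__ == "__main__":
    print(*("%s: %s is %s, article gives %s" % f for f in audit_lldp(SAMPLE)), sep="\n")
```

On the sample, `wan1` is reported twice: reception is disabled, so it will not detect an upstream Security Fabric FortiGate, and transmission is forced on rather than following the VDOM setting.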

