SAJUDIYA
Staff
Article Id 354252
Description

This article describes the case where FortiGate does not detect any ISL or ICL: the command 'diagnose switch-controller switch-recommendation fabric-lockdown-disable' returns successfully, but the Lockdown ISL option remains enabled.

This is expected behavior when there is only one FortiLink interface, because locking down ISLs and ICLs is one of the recommendations in the Security Rating report (Security Fabric -> Security Rating), and with a single FortiLink interface there is no ISL or ICL for the command to act on.

However, if there is more than one FortiSwitch and at least one ISL or ICL, it should be possible to disable that option (either from the GUI or the CLI).

Scope

FortiSwitch, FortiOS.
Solution

To disable Lockdown ISL, more than one FortiLink interface is required. With that in place, ISL lockdown can be disabled from the GUI as shown below:

LockdownISL.png

To disable from CLI, run the below command:

diagnose switch-controller switch-recommendation fabric-lockdown-disable

Note: FortiOS 7.0.2 and later add commands to lock down ISL/ICL links between FortiSwitches so that they become static configurations:


diagnose switch-controller switch-recommendation fabric-lockdown-check

diagnose switch-controller switch-recommendation fabric-lockdown-disable

diagnose switch-controller switch-recommendation fabric-lockdown-enable


This adds stability during events such as cable disconnection or power outages.


Note: The issue is resolved in FortiOS 7.4.8 GA, 7.6.3 GA and later versions:


1015992 - WiFi & Switch Controller -> FortiLink Interface: When a FortiLink interface is down and the 'Lockdown ISL' toggle is set to 'disable' on the GUI, the setting is not retained.

FortiOS 7.4.8 resolved issues.

FortiOS 7.6.3 resolved issues.


Related documents: