FortiGate
mtse
Staff
Article Id 376059
Description

This article describes how to troubleshoot a FortiSwitch that fails to be added to a FortiGate over FortiLink because the default switch-controller QoS configuration is missing.


If a FortiGate fails to add a FortiSwitch over FortiLink and the fortilinkd debug output shows the error 'add fortilink error:-1' as below, the FortiGate was unable to create the managed-switch ports in the CMDB.


To enable debugging:

diagnose debug application fortilink 2
diagnose debug enable

381s:235ms:656us fl_switch_addlink[1402]:FSW count 0 Maximum FSW supported 24 max_fsw_error_flag 0
381s:257ms:551us fl_add_switch_ports[834]:Add switch portcount 28 port(port)
381s:258ms:79us fl_switch_update_port_properties[97]:poe_port 0->1 b
381s:258ms:152us fl_switch_update_port_properties[138]:properties b 0x0->0x2
381s:258ms:217us fl_switch_update_port_properties[219]:b speed=0x40
381s:258ms:281us fl_add_switch_port[684]:Add switch(S224EPTF21009999) interface port1 properties(0x2) fl=0
381s:262ms:137us fl_add_switch_port[690]:S224EPTF21009999: port add failed for port1
381s:262ms:307us fl_add_switch_ports[842]:S224EPTF21009999: port add failed vlan=_default
381s:262ms:399us fl_switch_addlink[1429]:S224EPTF21009999: ports add failed, deleting switch
381s:266ms:919us fl_switch_cmf_delete[1129]:S224EPTF21009999: switch deletion successful with port-count 0
381s:267ms:592us fl_switch_addlink[1447]:ERR:-1 sw=S224EPTF21009999 node=b phyport=b, peername=internal
381s:267ms:681us __s_wait_conn_enter[28]:add fortilink error:-1 node:b sw:


To disable debugging:

diagnose debug disable
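The debug output above is easier to triage when the lines are parsed rather than read by eye, especially on a FortiGate with many switches. The following Python script is an added example, not Fortinet code and not part of the article: it parses fortilinkd debug lines in the format shown (uptime, function name, source line, message), pulls out the FSW count versus the supported maximum, the switch serial, the ports that failed to be added, and the final add-link error code, and classifies the attempt. The sample input is constructed from the lines quoted above; the verdict names and the summary keys are this example's own.

```python
import re

# Constructed sample: the 'diagnose debug application fortilink 2' output quoted in this
# article, one event per line (S224EPTF21009999 is the serial the article shows).
SAMPLE_DEBUG = """\
381s:235ms:656us fl_switch_addlink[1402]:FSW count 0 Maximum FSW supported 24 max_fsw_error_flag 0
381s:257ms:551us fl_add_switch_ports[834]:Add switch portcount 28 port(port)
381s:258ms:79us fl_switch_update_port_properties[97]:poe_port 0->1 b
381s:258ms:152us fl_switch_update_port_properties[138]:properties b 0x0->0x2
381s:258ms:217us fl_switch_update_port_properties[219]:b speed=0x40
381s:258ms:281us fl_add_switch_port[684]:Add switch(S224EPTF21009999) interface port1 properties(0x2) fl=0
381s:262ms:137us fl_add_switch_port[690]:S224EPTF21009999: port add failed for port1
381s:262ms:307us fl_add_switch_ports[842]:S224EPTF21009999: port add failed vlan=_default
381s:262ms:399us fl_switch_addlink[1429]:S224EPTF21009999: ports add failed, deleting switch
381s:266ms:919us fl_switch_cmf_delete[1129]:S224EPTF21009999: switch deletion successful with port-count 0
381s:267ms:592us fl_switch_addlink[1447]:ERR:-1 sw=S224EPTF21009999 node=b phyport=b, peername=internal
381s:267ms:681us __s_wait_conn_enter[28]:add fortilink error:-1 node:b sw:
"""

# Line layout seen in the debug: <uptime> <function>[<source line>]:<message>
EVENT_RE = re.compile(r"^(?P<ts>\d+s:\d+ms:\d+us)\s+(?P<func>\w+)\[(?P<src>\d+)\]:(?P<msg>.*)$")
FSW_COUNT_RE = re.compile(r"FSW count (?P<count>\d+) Maximum FSW supported (?P<max>\d+)")
PORT_FAIL_RE = re.compile(r"^(?P<serial>\S+): port add failed for (?P<port>\S+)$")
ADDLINK_ERR_RE = re.compile(r"add fortilink error:(?P<code>-?\d+)")


def parse_fortilinkd(text):
    """Split raw debug output into events; lines that do not match the format are skipped."""
    events = []
    for raw in text.splitlines():
        m = EVENT_RE.match(raw.strip())
        if m:
            events.append(m.groupdict())
    return events


def triage(text):
    """Summarise one FortiLink onboarding attempt and classify why it failed."""
    summary = {"serial": None, "failed_ports": [], "fsw_count": None, "fsw_max": None,
               "switch_deleted": False, "error_code": None, "verdict": None}
    for ev in parse_fortilinkd(text):
        msg = ev["msg"]
        m = FSW_COUNT_RE.search(msg)
        if m:
            summary["fsw_count"], summary["fsw_max"] = int(m["count"]), int(m["max"])
        m = PORT_FAIL_RE.match(msg)
        if m:
            summary["serial"] = m["serial"]
            summary["failed_ports"].append(m["port"])
        if "switch deletion successful" in msg:
            summary["switch_deleted"] = True
        m = ADDLINK_ERR_RE.search(msg)
        if m:
            summary["error_code"] = int(m["code"])

    count, maximum = summary["fsw_count"], summary["fsw_max"]
    if count is not None and maximum is not None and count >= maximum:
        summary["verdict"] = "max-fsw-reached"          # capacity limit, not a CMDB problem
    elif summary["error_code"] == -1 and summary["failed_ports"]:
        summary["verdict"] = "cmdb-port-add-failed"     # the case this article covers
    elif summary["error_code"] is not None:
        summary["verdict"] = "addlink-error"            # some other add-link failure
    else:
        summary["verdict"] = "no-addlink-error"
    return summary


if __name__ == "__main__":
    result = triage(SAMPLE_DEBUG)
    print(result)
    if result["verdict"] == "cmdb-port-add-failed":
        print("Check that switch-controller qos queue-policy and qos-policy 'default' exist.")
```

Paste the captured debug output into SAMPLE_DEBUG (or read it from a file) and run the script. The FSW count check is there so that a switch rejected because the platform's maximum is already reached is not mistaken for the missing-QoS-defaults case; in the article's output the count is 0 of 24, so the verdict is the port-add failure in the CMDB.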

Scope

FortiGate, FortiSwitch.

Solution

The default switch-controller QoS configuration is created on the FortiGate after a factory reset or a fresh boot.

If it is missing (for example because it was deleted by accident), recreate the default switch-controller QoS configuration shown below.


Default switch-controller QoS configuration:

config switch-controller qos queue-policy
    edit "default" <-----
        set schedule round-robin
        set rate-by kbps
        config cos-queue
            edit "queue-0"
            next
            edit "queue-1"
            next
            edit "queue-2"
            next
            edit "queue-3"
            next
            edit "queue-4"
            next
            edit "queue-5"
            next
            edit "queue-6"
            next
            edit "queue-7"
            next
        end
    next
end


config switch-controller qos qos-policy
    edit "default" <-----
    next
end


config switch-controller auto-config policy
    edit "pse"
        set qos-policy "default" <-----
        set storm-control-policy "auto-config"
        set poe-status enable
        set igmp-flood-report disable
        set igmp-flood-traffic disable
    next
    edit "default"
        set qos-policy "default" <-----
        set storm-control-policy "auto-config"
        set poe-status enable
        set igmp-flood-report disable
        set igmp-flood-traffic disable
    next
    edit "default-icl"
        set qos-policy "default" <-----
        set storm-control-policy "auto-config"
        set poe-status disable
        set igmp-flood-report enable
        set igmp-flood-traffic enable
    next
end
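Before re-entering the defaults, it helps to confirm from a configuration backup which of the objects above are actually missing and whether the auto-config policies still point at a qos-policy that exists. The following Python script is an added example, not Fortinet code and not part of the article: a minimal parser for the config/edit/set/next/end structure of a FortiOS CLI backup, followed by an audit of the switch-controller QoS objects listed above. The sample configuration is constructed from the defaults shown in this article; the parser handles only those keywords and is not a complete FortiOS configuration parser.

```python
import shlex

# Constructed samples, copied from the default objects listed in this article.
# Kept as separate blocks so a "defaults deleted" config can be composed for comparison.
COS_QUEUES = "".join(f'            edit "queue-{i}"\n            next\n' for i in range(8))
QUEUE_POLICY = f"""\
config switch-controller qos queue-policy
    edit "default"
        set schedule round-robin
        set rate-by kbps
        config cos-queue
{COS_QUEUES}        end
    next
end
"""
QOS_POLICY = """\
config switch-controller qos qos-policy
    edit "default"
    next
end
"""
AUTO_CONFIG = """\
config switch-controller auto-config policy
    edit "pse"
        set qos-policy "default"
        set storm-control-policy "auto-config"
        set poe-status enable
        set igmp-flood-report disable
        set igmp-flood-traffic disable
    next
    edit "default"
        set qos-policy "default"
        set storm-control-policy "auto-config"
        set poe-status enable
        set igmp-flood-report disable
        set igmp-flood-traffic disable
    next
    edit "default-icl"
        set qos-policy "default"
        set storm-control-policy "auto-config"
        set poe-status disable
        set igmp-flood-report enable
        set igmp-flood-traffic enable
    next
end
"""
SAMPLE_OK = QUEUE_POLICY + QOS_POLICY + AUTO_CONFIG   # factory defaults present
SAMPLE_BROKEN = AUTO_CONFIG                            # QoS defaults deleted, references left behind


def _node():
    return {"set": {}, "entries": {}, "configs": {}}


def parse_fortios(text):
    """Minimal FortiOS CLI parser: nests config/edit blocks into dicts, 'set' into key -> values."""
    root = _node()
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        kw = tokens[0]
        if kw == "config":
            child = _node()
            stack[-1]["configs"][" ".join(tokens[1:])] = child
            stack.append(child)
        elif kw == "edit":
            child = _node()
            stack[-1]["entries"][tokens[1]] = child
            stack.append(child)
        elif kw == "set":
            stack[-1]["set"][tokens[1]] = tokens[2:]
        elif kw in ("next", "end") and len(stack) > 1:
            stack.pop()
    return root


def audit_switch_controller_qos(text):
    """Return findings as strings; an empty list means the defaults this article relies on exist."""
    cfg = parse_fortios(text)["configs"]
    queue_policies = cfg.get("switch-controller qos queue-policy", _node())["entries"]
    qos_policies = cfg.get("switch-controller qos qos-policy", _node())["entries"]
    auto_config = cfg.get("switch-controller auto-config policy", _node())["entries"]
    findings = []
    if "default" not in queue_policies:
        findings.append("missing: switch-controller qos queue-policy 'default'")
    else:
        queues = queue_policies["default"]["configs"].get("cos-queue", _node())["entries"]
        if len(queues) != 8:
            findings.append(f"queue-policy 'default' has {len(queues)} cos-queue entries; "
                            "the default shown in the article has 8 (queue-0..queue-7)")
    if "default" not in qos_policies:
        findings.append("missing: switch-controller qos qos-policy 'default'")
    for name, entry in auto_config.items():
        ref = entry["set"].get("qos-policy")
        if ref and ref[0] not in qos_policies:
            findings.append(f"dangling: auto-config policy '{name}' references "
                            f"qos-policy '{ref[0]}', which does not exist")
    return findings


if __name__ == "__main__":
    for label, sample in (("intact", SAMPLE_OK), ("broken", SAMPLE_BROKEN)):
        print(label, audit_switch_controller_qos(sample) or ["no findings"])
```

Feed the script the relevant sections of a configuration backup instead of the constructed samples; the order of checks mirrors the order in which the objects must be recreated (queue-policy first, then qos-policy, then the auto-config policies that reference it).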


Related documents:

Configuring FortiLink

FortiLink Compatibility

Technical Tip: Managed FortiSwitch onboarding Troubleshooting Guide

Technical Tip: Debug commands to analyze FortiLink communication