This article explains how to access the GUI of a managed FortiSwitch by configuring a management VLAN on the FortiLink interface with a PC connected to the FortiSwitch.
Scope
FortiSwitch
Solution
Create a Management VLAN under the FortiLink Interface.
Configure a management VLAN, enable the DHCP server, and allow access to ping and HTTPS.
FW1 (root) # config system interface FW1 (interface) # edit "Test" FW1 (Test) # set ip <IP address> <Network mask> FW1 (Test) # set allowaccess ping https FW1 (Test) # set role lan FW1 (Test) # set interface <fortilink> FW1 (Test) # set vlanid 10 FW1 (Test) # next FW1 (Test) # end
Create a firewall policy with the FortiLink interface as the source and the VLAN created for FortiSwitch management as the destination.
Note: The FortiLink interface is not visible in the GUI when creating a firewall policy, so this must be configured using the FortiGate CLI.
Command to configure the policy using the FortiGate CLI:
FW1 (root) # config firewall policy FW1 (policy) # edit 80 (New policy ID) FW1 (80) # set srcintf <fortilink> FW1 (80) # set dstintf Test <- Select the respective vlan-interface for the management access. FW1 (80) # set service ALL <- Select any particular service as required. FW1 (80) # set dstaddr all FW1 (80) # set srcaddr all FW1 (80) # set schedule always FW1 (80) # end
Assign the VLAN to a specific port that will function as the management port.
Commands:
FW1 (root) # config switch-controller managed-switch FW1 (managed-switch) # edit <switch-id> FW1 (S248EFTF18xxxxxx) # config ports FW1 (ports) # edit port1 FW1 (port1) # set vlan Test FW1 (port1) # next FW1 (ports) # end FW1 (S248EFTF18xxxxxx) #end
Connect a PC to the designated management port.
The DHCP server will assign an IP address.
Ensure the FortiSwitch IP is reachable from the PC.
Use a browser to access the internal interface IP of the FortiSwitch for GUI access
