1. Create a Management VLAN under the FortiLink Interface.

Configure a management VLAN, enable the DHCP server, and allow access to ping and HTTPS.

FW1 (root) # config system interface
FW1 (interface) # edit "Test"
FW1 (Test) # set ip <IP address> <Network mask>
FW1 (Test) # set allowaccess ping https
FW1 (Test) # set role lan
FW1 (Test) # set interface <fortilink>
FW1 (Test) # set vlanid 10
FW1 (Test) # next
FW1 (Test) # end

2. Create a firewall policy with the FortiLink interface as the source and the VLAN created for FortiSwitch management as the destination.

Note: The FortiLink interface is not visible in the GUI when creating a firewall policy, so this must be configured using the FortiGate CLI.

Command to configure the policy using the FortiGate CLI:

FW1 (root) # config firewall policy
FW1 (policy) # edit 80 (New policy ID)
FW1 (80) # set srcintf <fortilink>
FW1 (80) # set dstintf Test <- Select the respective vlan-interface for the management access.
FW1 (80) # set service ALL <- Select any particular service as required.
FW1 (80) # set dstaddr all
FW1 (80) # set srcaddr all
FW1 (80) # set schedule always
FW1 (80) # end

3. Assign the VLAN to a specific port that will function as the management port.

Commands:

FW1 (root) # config switch-controller managed-switch
FW1 (managed-switch) # edit <switch-id>
FW1 (S248EFTF18xxxxxx) # config ports
FW1 (ports) # edit port1
FW1 (port1) # set vlan Test
FW1 (port1) # next
FW1 (ports) # end
FW1 (S248EFTF18xxxxxx) #end

4. Connect a PC to the designated management port.

• The DHCP server will assign an IP address.
• Ensure the FortiSwitch IP is reachable from the PC.
• Use a browser to access the internal interface IP of the FortiSwitch for GUI access