ehamud
Staff
Article Id 407269
Description This article describes how to include the topology lines from a FortiSwitch managed by FortiLink HTTPS.
Scope FortiSwitch v7.4.2 onwards, FortiGate v7.4.2 onwards
Solution
  • Return settings to factory default by pressing the reset button on the front of the FortiSwitch.
  • Update the FortiSwitch to v7.4.2 or above.
  • Validate FortiGate has v7.4.2 or above.
  • Configure FortiLink HTTPS under FortiSwitch:

 

FortiSwitch1 # config switch-controller global
FortiSwitch1 (global) # sho fu | grep mgmt
    set mgmt-mode https
FortiSwitch1 (global) #

FortiSwitch1 # config system flan-cloud
FortiSwitch1 (flan-cloud) # sho fu
config system flan-cloud
    set interval 3
    set name "30.30.29.1"     <----- FortiLink IP.
    set port 443
    set service-type fortilink-https
    set status enable
end

 

  • Authorize FortiSwitch from the FortiGate.

 

Sometimes more FortiSwitch units are needed. In this case, the other FortiSwitch units can use FortiLink CAPWAP, or the whole topology can use FortiLink in HTTPS mode.

 

Confirm FortiSwitch is online from the FortiGate CLI: 

 

FortiGate# execute switch-controller get-conn-status

Managed-devices in current vdom root:

FortiLink interface : 1FlinkHTTPS
SWITCH-ID         VERSION           STATUS          FLAG   ADDRESS         JOIN-TIME                   SERIAL
FortiSwitch1      v7.6.2 (6 (GA))   Authorized/Up   2T     30.30.29.3      Tue Aug 19 13:58:01 2025
FortiSwitch2      v7.4.3 (2 (GA))   Authorized/Up   2T     30.30.29.2      Tue Aug 19 13:58:14 2025

 

  • Verify the connection status from FortiSwitch:

 

FortiSwitch1 (flan-cloud) # get system flan-cloud-mgr connection-info

Service Name:           : FortiLink
User Account-ID         : 0
SSL verify Code         : ok
Access Service          : IP= 30.30.29.1, Port= 443, Connected on: 2025-08-19 13:58:12
Bootstrap Service       : hostname= , Port= 0

State-Machine           : State= FLAN_MGR_STATE_READY, Event= EV_READY_SSL_SESSION_ESTD

SSL Local End-Point     : Interface: internal,  IP: 30.30.29.2
SSL Tunnel Uptime       : Days: 0  Hours: 2 Mins: 28 [Connected @2025-08-19 13:58:12]
SSL Tunnel stats        : restart-count= 281, Restart Reason= Unknown Tunnel State

Stats:
========
Switch  Keep Alive  Tx/Reply := 295 / 295
Manager Keep Alive  Rx/Error := 734 / 0

Socks   Req Rx/Last Stream-ID  := 6712 / 806
Reset   Req Rx/last Stream-ID  := 400 / 806
Goaway  Req Rx  := 0
Unknown Req Rx  := 0

Syslog FD/Tx/Err  := 10 / 4 / 0

 

  • The result is a dotted line in the topology view.

 

In order to fix this, change FortiLink neighbor discovery from 'fortilink' to 'lldp' and wait for ten to fifteen minutes for the changes to be reflected.

 

FortiGate # config system interface
    edit 1FlinkHTTPS
        show fu | grep neighbor
        set fortilink-neighbor-detect lldp
    next
end

 

After the change, the line is completely solid in the topology view.
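
The verification step can also be scripted. The following is an added example, not Fortinet code or part of the original article: it parses saved `get system flan-cloud-mgr connection-info` output and reports anything that differs from the healthy values shown above. The function names, the `max_restarts` threshold, and treating `ok` and `FLAN_MGR_STATE_READY` as the healthy values are assumptions taken from the sample output on this page.

```python
import re

# Constructed sample: fields copied from the connection-info output in this article.
SAMPLE = """\
Service Name:           : FortiLink
SSL verify Code         : ok
Access Service          : IP= 30.30.29.1, Port= 443, Connected on: 2025-08-19 13:58:12
State-Machine           : State= FLAN_MGR_STATE_READY, Event= EV_READY_SSL_SESSION_ESTD
SSL Tunnel stats        : restart-count= 281, Restart Reason= Unknown Tunnel State
Switch  Keep Alive  Tx/Reply := 295 / 295
Manager Keep Alive  Rx/Error := 734 / 0
"""

def _find(pattern, text):
    """Return the captured groups of the first match, or None."""
    m = re.search(pattern, text, re.MULTILINE)
    return m.groups() if m else None

def check_fortilink_https(text, expected_ip, expected_port=443, max_restarts=10):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    ssl = _find(r"^SSL verify Code\s*:\s*(\S+)", text)
    if not ssl or ssl[0].lower() != "ok":
        findings.append(f"SSL verification not ok: {ssl[0] if ssl else 'missing'}")
    # The tunnel must terminate on the FortiLink IP and port configured on the switch.
    svc = _find(r"^Access Service\s*:\s*IP=\s*([\d.]+),\s*Port=\s*(\d+)", text)
    if not svc or svc[0] != expected_ip or int(svc[1]) != expected_port:
        findings.append(f"unexpected access service: {svc}")
    state = _find(r"^State-Machine\s*:\s*State=\s*(\w+)", text)
    if not state or state[0] != "FLAN_MGR_STATE_READY":
        findings.append(f"state machine not ready: {state[0] if state else 'missing'}")
    # Assumed threshold: many restarts suggest an unstable management tunnel.
    restarts = _find(r"restart-count=\s*(\d+)", text)
    if restarts and int(restarts[0]) > max_restarts:
        findings.append(f"tunnel restart-count {restarts[0]} exceeds {max_restarts}")
    ka = _find(r"^Switch\s+Keep Alive\s+Tx/Reply\s*:=\s*(\d+)\s*/\s*(\d+)", text)
    if not ka or ka[0] != ka[1]:
        findings.append(f"keep-alive Tx/Reply mismatch: {ka}")
    err = _find(r"^Manager\s+Keep Alive\s+Rx/Error\s*:=\s*(\d+)\s*/\s*(\d+)", text)
    if not err or int(err[1]) != 0:
        findings.append(f"manager keep-alive errors: {err}")
    return findings

if __name__ == "__main__":
    for finding in check_fortilink_https(SAMPLE, "30.30.29.1") or ["all checks passed"]:
        print(finding)
```

Run against the output shown in this article, the only finding is the restart count of 281, which is worth tracking even while the tunnel reports a ready state.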

 
