Description
This article describes how to access the HTTPS web interface of a FortiSwitch that is managed by a FortiGate.
Scope
FortiSwitch managed by FortiGate.
Solution
Topology.
Consider the above setup. The client can reach the FortiGate via its WAN port IP 10.33.154.22, and the FortiSwitch, which is managed by the FortiGate, has the IP 40.40.40.1.
1) Verify the IP of the FortiSwitch:
2) Connect to the FortiSwitch from the FortiGate and verify that the internal interface of the FortiSwitch has HTTPS enabled:
FGT # execute ssh admin@40.40.40.1
FSW # show system interface internal
# config system interface
    edit "internal"
        set mode dhcp
        set allowaccess ping https ssh <----- HTTPS enabled.
        set type physical
        set snmp-index 26
        set defaultgw enable
    next
end
3) Create the following Virtual IP policy for the FortiSwitch:
Important note.
Port 4443 must not also be in use as the FortiGate's own HTTPS administrative access port.
4) Verify the FortiLink interface name.
5) Create the firewall policy on the FortiGate:
# config firewall policy
    edit 7
        set name "switchpolicy"
        set srcintf "wan" <----- FortiGate port with IP 10.33.154.22.
        set dstintf "fortilink" <----- FortiLink interface name.
        set srcaddr "all"
        set dstaddr "switchaccesss" <----- Virtual IP policy name.
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic disable
        set nat enable
    next
end
Important note.
This firewall policy cannot be created from the FortiGate GUI, because the FortiLink interface is not listed there; the only option is to create it from the command line.
Once it has been created from the CLI, the policy exists and is visible in the GUI.
6) Now access the FortiSwitch using the FortiGate WAN IP (10.33.154.22) and the custom port (4443).
Notes.
- If multiple FortiSwitches are installed, each FortiSwitch needs its own Virtual IP policy with a different custom port. Add each new Virtual IP policy to the firewall policy as a destination.
- To access the FortiSwitch via SSH, change the port to 22 (SSH) in a new Virtual IP policy and add that Virtual IP policy to the firewall policy as a destination, as shown below:
Virtual IP Policy.
Firewall policy.
It is now possible to access the FortiSwitch via SSH using the FortiGate IP with the custom port (2223).
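The Virtual IP policies referenced in step 3 and in the SSH note above appear only as screenshots. The following FortiOS CLI is an added example (not from the original article) of the two port-forwarding VIPs and of the firewall policy that references both. The values are taken from the article (WAN IP 10.33.154.22, FortiSwitch IP 40.40.40.1, custom ports 4443 and 2223, VIP name "switchaccesss"); the second VIP name "switchaccess-ssh" and the interface name "wan" are assumptions.

```text
# Added example, not the article's own configuration.
# Assumed names: "switchaccess-ssh" (second VIP) and "wan" (external interface).
config firewall vip
    edit "switchaccesss"
        set extintf "wan"
        set extip 10.33.154.22
        set mappedip "40.40.40.1"
        set portforward enable
        set protocol tcp
        set extport 4443
        set mappedport 443
    next
    edit "switchaccess-ssh"
        set extintf "wan"
        set extip 10.33.154.22
        set mappedip "40.40.40.1"
        set portforward enable
        set protocol tcp
        set extport 2223
        set mappedport 22
    next
end

config firewall policy
    edit 7
        set name "switchpolicy"
        set srcintf "wan"
        set dstintf "fortilink"
        set srcaddr "all"
        set dstaddr "switchaccesss" "switchaccess-ssh"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic disable
        set nat enable
    next
end
```

Because each VIP forwards only its external port (4443 to 443 and 2223 to 22), nothing else on the FortiSwitch is reachable through this policy even though the service is ALL. From the client, a quick check is `curl -k https://10.33.154.22:4443/` (the -k is needed while the switch presents its self-signed certificate) and `ssh -p 2223 admin@10.33.154.22`. Since this exposes the switch management plane on the WAN interface, consider replacing srcaddr "all" with an address object for the management hosts and setting logtraffic all so that each access is logged.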
Related Articles
Technical Tip: Change the port for the admin access to the firewall
Technical Tip: Virtual IP (VIP) port forwarding configuration.