Description

This article describes how a Fortiswitch replacement can be done with old Fortiswitch.

Scope

FortiSwitch.

Solution

After RMA of faulty Fortiswitch, the new Fortiswitch device can be replaced in the network with execute command. It makes it easier to replace a failed FortiSwitch with a new one without having re-configure the new one. The configuration of the existing unit is just transferred to the new one.

If the failed FortiSwitch unit was part of a VDOM, enter the following commands:

config vdom
    edit <VDOM_name>
execute replace-device fortiswitch <failed_Fortiswitch_serial_number> <new_Fortiswitch_serial_number>
end

For example.

config vdom
    edit vdom_new
execute replace-device fortiswitch S124DN3Wxxxx2025 S124DN3Wxxxx2026
end

where, S124DN3Wxxxx2025 is failed Fortiswitch and S124DN3Wxxxx2026 is new Fortiswitch

If the failed FortiSwitch unit was not part of a VDOM, enter the following command:

execute replace-device fortiswitch <failed_Fortiswitch_serial_number> <new_Fortiswitch_serial_number>
end

Note : 

If the FortiSwitch is authorized in one VDOM  while a few ports are being shared in other VDOMS make sure to export the ports to the original switch VDOM else the following error will be seen while trying to deauthorize the FortiSwitch :

FGT (ST1Exxxxxxxx) # end
There are ports that are still exported or in pool, cannot deauthorize switch.
object set operator error, -651 discard the setting
Command fail. Return code -651

FGT (root) #

If the FortiSwitch is in root VDOM export the ports back to root VDOM:

FGT(root) # config switch-controller managed-switch

FGT (managed-switch) # edit S54xxxxxxx

FGT (S54xxxxxxxxx) # config port

FGT (ports) # edit port11

FGT (port11) # set export-to-pool root

Related documents:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/ed3a6f28-202f-11e9-b6f6-f8bc12...
Multitenancy and VDOMs