Fortinet Forum
axel_gonzalez_FTNT

How to configure FortiSwitch ports in FortiManager?

There are two ways to modify the ports of your FortiSwitch using FortiManager.

Option 1: Using device layer configuration. You need to go to CLI Configurations and then select the switch. Once you have made these changes, you can proceed to see the install preview in Install Device Settings (only).


Option 2: FortiSwitch Module. If you are using a FortiSwitch Template, modify the configuration using the template you already have. Once you have made these changes, you can proceed to see the install preview in Install Device Settings (only).

Please consider that Templates have higher priority than the Device Layer configuration. If you use a Template, you must update changes in the Template; otherwise, you don't need to create a template to update your ports. You can do it directly in the device layer configuration.

AX
simonorch
Contributor

What is the best way of deploying a standardized switch model and L2 port/VLAN configuration, but location-specific L3 switch port configuration? Switch module templates could work, but DPP as a mode is not supported and I'm unsure if L3 VLAN information would get pushed or only the switch port configuration.

Currently the only way I can see is through a regular CLI script, but the issue there is how to do it without having to edit the switch serial number for every switch (up to 1400 in our case).

NSE8 Fortinet Expert partner - Norway

axel_gonzalez_FTNT

If DPP mode is available on FortiGate/FortiSwitch but not in the FortiManager Switch Manager template, we can include it in future firmware versions.

Could you share where you configure DPP on a normal FortiSwitch or FortiGate?

AX
simonorch
Contributor

Thanks for the response. Here's an example from my lab.

    config switch-controller dynamic-port-policy
        edit "wifi"
            set fortilink "fortilink"
            config policy
                edit "Aruba-AP"
                    set hw-vendor "Aruba"
                    set vlan-policy "wifi"
                next
            end
        next
    end

and on the switchport

    edit "port4"
        set access-mode dynamic
        set port-policy "wifi"
    next

NSE8 Fortinet Expert partner - Norway

axel_gonzalez_FTNT

Thanks for sharing. This helped me find an already reported bug, 0772396: "FMG missing fortiswitch dynamic policy GUI support."

I would recommend that you open a support ticket so that we can add your ticket to the reported bug. There is no fix confirmed, but opening the ticket will help to register cases with the problem. Regards!

AX
axel_gonzalez_FTNT

I have received confirmation that central dynamic port policy is part of a FortiSwitch project to support NAC policy, which will be available in FortiManager 7.2.0.
Regards!

AX
simonorch
Contributor

Again, thanks for the response. Useful to know that it's a bug rather than a missing feature. I'll go ahead and open a ticket as suggested.

Whilst we can work around pushing FSW port configurations via CLI script, it would be much more user friendly to be able to do it via an FSW template.

Just FYI, we asked for the hardware vendor device pattern to be added to DPP policies so we could add VLAN policies to them. I think it took 2 weeks and we had an interim build for testing, and now it's included in 7.0.4 GA. Really great response from Fortinet; the end customer was very impressed.

NSE8 Fortinet Expert partner - Norway