Fortinet Forum
mumbles202

Manage Multiple Switches from a Single FortiGate

Is it possible to manage 3 switches from a single FortiGate and not daisy chain them?  Goal is to have each switch connect directly to the FortiGate so if a single switch reboots it doesn't take down all of them.  I see the single FortiLink interface and if I add the multiple physical interfaces to the link and connect the 2nd switch the link doesn't come up and the switch isn't discovered.  

rgracioli_FTNT

Yes, please check the network topologies chapter: https://docs.fortinet.com/document/fortiswitch/6.4.2/devices-managed-by-fortios/617516/network-topol...

 

Rafael Gracioli | Consulting Systems Engineer, ADC and Switching m: +31 6 50 28 72 99 | skype: rgracioli | e: rgracioli@fortinet.com

mumbles202

Thank you for this. I see this note:

NOTE: Using the hardware or software switch interface in FortiLink mode is not recommended in most cases. It can be used when the traffic on the ports is very light because all traffic across the switches moves through the FortiGate unit.

Is it not recommended to link the devices directly to the FortiGate but rather to daisy-chain them? I understand that any East-West traffic will need to go through the FortiGate. My concern is if Switch1 is rebooted anything downstream of it, including Switch2 in the typical design, would go offline.

Should I be using the following example to set up a switch and then link this new switch to the FortiLink:

    config system virtual-switch
        edit "hardswitch1"
            set physical-switch "sw0"
            config port
                edit "port11"
                next
                edit "port12"
                next
            end
        next
    end

The 2 switches I have are already authorized by the FortiGate and managed, so would it be a matter of moving the cables and rebooting the switches and having them come back online on the new ports?

rgracioli_FTNT

In addition, you'll have to configure the system interface part and enable it for FortiLink. If the switches are currently managed on another interface, they have to be transferred to the new one. You can simply delete and rediscover them via the new FortiLink interface. If you want to preserve the configuration, then download the FGT config, edit it manually to replace the old FortiLink interface with the new one, and reload it.
