fortime
New Contributor

conventional fortilink or fortilink over Layer3?

Hi everybody. I am new to the forum but I have run into a brick wall and would like to see some advice regarding a solution that I am working on.

My customer has a HA fortigate pair - another vendor Core switching - another vendor access switches.

They have requested that FortiSwitches replace their access layer switches.

So the new solution will have FortiGates - another vendor core switch - FortiSwitch access switches.

So, if I connect the FortiSwitches to the FortiGate using the normal configuration methods, the FortiLink will be the default route for the traffic.
I do not want this. I want the core switches to be the default gateway for the traffic.

Can I create a route towards the core switches, or do I have to consider a FortiLink over L3 design?

Thank you in advance for your time.

Anonymous
Not applicable

Hello fortime, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

 Fortinet Community Team 

fortime

Hi RJ - Thank you for your response.

This approach is not documented so much.  I think the approach should be either to use fortilink over Layer 3 for management only and then I can route traffic towards the core switch or else to use the switches in standalone mode.

 

I look forward to your feedback.

riteshpv
Staff

Hi Fortime,

 

L3 FSW setup.jpg

 

I hope this is what you are trying to achieve. FSW managed over L3.

 

https://docs.fortinet.com/document/fortiswitch/7.0.4/devices-managed-by-fortios/801182/fortilink-mod...

 

Once managed, the L3 FSW will automatically create a FortiLink trunk connecting to the uplink network.

 

Then you can create VLANs on the FGT and map them to the L3 FSW. However, these VLANs are local to the network. As seen in the above scenario, VLAN 20 and VLAN 30 can be created under the FortiGate FortiLink interface and mapped to the FSW port. But the same VLANs need to be available locally (as in Network 2) as gateway for those VLANs. The FSW will forward traffic locally, as in the scenario L3 router VLANs.

 

The router will have to manage the VLAN traffic from the L3 FSW to the destination as intended.

 

This VLAN traffic will not reach FortiLink via CAPWAP.

 

 

Regards,

Ritesh P V

Ritesh.P.V
MarcoRoman

As a follow-up question on this same FortiLink over L3 topic: is there some way to allow the use of the CAPWAP tunnel to traverse traffic from the VLAN 20/30 in the example, so that the FortiGate becomes the layer 3 gateway of those VLANs?

riteshpv

No.

The VLAN config can be pushed from the FGT to the managed FSW, but that VLAN is local to the network and the FGT cannot be the gateway for these VLANs.

 

Ritesh.P.V