- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- FortiWebCloud
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Connect new FortiSwitches to Fortigate through HP-...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Connect new FortiSwitches to Fortigate through HP-ProCurve Core-Switch
Hello Everybody,
I hope someone can clarify a situation for me.
My Customer has existing 2x FGT100F with LACP (X1,X2) and around 30+ SVIs connected via L2-LACP-Link to HPE(Core) & NetGear(remote-cabinets) Switches running.
Now he bought 4 new FSW-148 (remote-cabinets) from me, but did not buy the 2x FSW-1024E for the Datacenter (Distribution-Layer). He want's to keep the 5406R from HPE (lots of 10G-SFP+ Ports) for Distribution-Purposes and Server-Connection.
I on the other hand wanted (of course) to use FortiLink to all the new Switches.
All the customers networks (VLANs 5 through 51 tagged - no VLAN1, no untagged) are on the existing LACP (X1&X2) to the HPE-Core.
Here are my three big questions:
1. Is there a chance (for now ;-)) to keep the HPE-Core and connect all new switches to 10G-Ports on the HPE and still manage the Switches througt fortilink?
2. Is it possible to use all the existing VLANs on the new Forti-Switches (aka. Bridge existing VLANs 5-51 to FortiLink, etc.)?
3. Is it possible to use FortiConverter to change the VLAN-Interfaces from X1&X2 to some other port(7-16), then create fortilink on X1&X2 (LACP), then move VLAN-Interfaces back to FortiLink and then connect the Fortilink-LACP again to the HPE-Core. Now i could distribute all Links (if possible) to the new Forti-Switches through the HPE-Core.
Is that even possible?
Explanation:
Why not connect to the new Forti-Switches (FSW-148F-FPOE with 4x 10G)?
I wanted to use MCLAG on Distri-Layer and i need 2x 10G for ICL and 1x 10G for Uplink to HEP and 1x 10G for Downlink to next Switch. So there are no ports left for distribution.
Also all the Servers are connected on HPE-Core. LAG with 8x 1G is no option, as Backup would exceed time-frame.
I hope, someone can give an explanation to me, what would be possible/thinkable.
THX Franz
Prefers to NOT experiment with Live Customer Equipment ;)
Prefers to NOT experiment with Live Customer Equipment ;-)
Labels:
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi HegnauerF,
Answering your questions:
1. Is there a chance (for now ;-)) to keep the HPE-Core and connect all new switches to 10G-Ports on the HPE and still manage the Switches through fortilink?
A.: Yes, as you can see on the link below you can have a Layer2 devices at the middle of a ISL link.
2. Is it possible to use all the existing VLANs on the new Forti-Switches (aka. Bridge existing VLANs 5-51 to FortiLink, etc.)?
A.: You want to have have all the existence vlan created on the FortiSwitch. So basically traffic traffic will flow from FGT, core switch and FortiSwitch, did I get it right? If I have, I don't see a reason why you could not 'extend' vlan 5-51 from the core to the FortiLink switches.
3. Is it possible to use FortiConverter to change the VLAN-Interfaces from X1&X2 to some other port(7-16), then create fortilink on X1&X2 (LACP), then move VLAN-Interfaces back to FortiLink and then connect the Fortilink-LACP again to the HPE-Core. Now i could distribute all Links (if possible) to the new Forti-Switches through the HPE-Core.
Is that even possible?
A.: Regarding FortiConverter, I am not familiar with it, maybe one of my colleagues could help you answering this question.
To avoid down time I suggest you to replicate the customer scenario in LAB using their brand new FortiSwitches just to anticipate what you could find during a proper migration.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @DPadula,
Thank You for your quick response.
Following up there i need to ask the really stupid question for your answer "#1"...
You wouldn't happen to know if i would need to transport an untagged VLAN (aka. "untagged vlan 1 == DEFAULT" or "untagged vlan 5") over the HPE-Core to allow passage of the L2-P2P for Fortilink? For now i had only tagged/trunked VLANs on the Uplink to Fortigate.
The already used management-VLAN is "tagged VL.5" but if i need a new untagged VLAN for Fortilink i would prefer it to be in a seperate Broadcast-Domain (aka. new VLAN - eg. "untagged vlan 7" only on the HPE-Core for free transport (seperated from all the other vlans).
What are your Insights/Ideas for that?
Thanks is advance for any Idea, that pushes me in the right direction
Franz
Prefers to NOT experiment with Live Customer Equipment ;)
Prefers to NOT experiment with Live Customer Equipment ;-)
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
Labels
-
FortiGate
7,227 -
FortiClient
1,427 -
5.2
801 -
5.4
639 -
FortiManager
626 -
FortiAnalyzer
465 -
6.0
416 -
FortiAP
378 -
FortiSwitch
376 -
5.6
362 -
FortiClient EMS
291 -
FortiMail
282 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
178 -
FortiNAC
130 -
6.4
128 -
FortiGuard
117 -
IPsec
111 -
SSL-VPN
110 -
FortiGateCloud
97 -
FortiSIEM
95 -
FortiCloud Products
90 -
FortiToken
77 -
Customer Service
71 -
Wireless Controller
66 -
4.0MR3
64 -
SD-WAN
51 -
FortiProxy
49 -
FortiEDR
46 -
FortiADC
45 -
Fortivoice
44 -
FortiDNS
40 -
FortiGate v5.4
36 -
FortiSandbox
36 -
FortiExtender
35 -
FortiAuthenticator
35 -
Firewall policy
35 -
VLAN
32 -
FortiSwitch v6.4
32 -
High Availability
32 -
DNS
25 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
FortiConverter
23 -
LDAP
22 -
Certificate
21 -
BGP
21 -
SAML
20 -
FortiGate v5.2
20 -
Interface
20 -
FortiPortal
18 -
Routing
18 -
FortiSwitch v6.2
17 -
Authentication
17 -
VDOM
17 -
FortiLink
16 -
FortiMonitor
15 -
RADIUS
15 -
NAT
15 -
FortiGate v5.0
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Logging
14 -
SSL SSH inspection
13 -
Virtual IP
12 -
FortiCASB
12 -
Web profile
11 -
Traffic shaping
11 -
Application control
11 -
SSO
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
IP address management - IPAM
9 -
FortiManager v5.0
9 -
OSPF
9 -
4.0MR2
9 -
WAN optimization
9 -
RMA Information and Announcements
8 -
FortiSOAR
8 -
Proxy policy
8 -
FortiAnalyzer v5.0
8 -
FortiBridge
8 -
SNMP
8 -
FortiGate v4.0 MR3
8 -
Web application firewall profile
7 -
Security profile
7 -
FortiAP profile
7 -
Automation
7 -
4.0
7 -
Admin
7 -
Static route
6 -
Traffic shaping policy
6 -
trunk
6 -
IPS signature
5 -
Packet capture
5 -
Port policy
5 -
Antivirus profile
5 -
System settings
5 -
DNS Filter
5 -
FortiCache
5 -
FortiTester
5 -
FortiManager v4.0
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Web rating
4 -
Intrusion prevention
4 -
Traffic shaping profile
4 -
FortiPAM
4 -
Fortinet Engage Partner Program
4 -
FortiCarrier
4 -
3.6
4 -
FortiScan
4 -
DLP sensor
4 -
DoS policy
4 -
Email filter profile
3 -
Fabric connector
3 -
NAC policy
3 -
Users
3 -
Multicast routing
3 -
FortiToken Cloud
3 -
Application signature
3 -
DLP Dictionary
3 -
FortiDB
3 -
DLP profile
3 -
FortiInsight
2 -
Netflow
2 -
Protocol option
2 -
Zone
2 -
FortiNDR
2 -
FortiAI
2 -
FortiHypervisor
2 -
Schedule
2 -
Authentication rule and scheme
2 -
Explicit proxy
2 -
Internet Service Database
2 -
VoIP profile
2 -
4.0MR1
1 -
File filter
1 -
RIP
1 -
Multicast policy
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
TACACS
1 -
Replacement messages
1 -
FortiManager-VM
1 -
SDN connector
1 -
Service
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1089 | |
| 892 | |
| 535 | |
| 441 | |
| 152 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.