Hi team,
I have some doubts about integrating remote FortiSwitches to FortiGate. I have read this document, but I still have doubts:
This is my topology:
SW-1 and SW-2 are not a stack, they are independent switches. SW-1 and SW-2 internal IPs (192.168.1.x) can reach FGT FortiLink IP 10.10.1.1. I will use in-band management for the FortiSwitches (the internal IPs).
On the FortiSwitch, will these be the commands for SW-1?
```
config switch-controller global
    set ac-discovery-type static
    set source-ip 192.168.1.2 <<<< in-band internal IP?
    config ac-list
        edit 1
            set ipv4-address 10.10.1.1 <<<< FortiLink IP in FortiGate?
        next
    end
end
```
Am I correct? In FortiGate do I only need to configure FortiLink interface with IP 10.10.1.1 and DHCP server disabled?
For SW-2, will the commands be the same just changing source-ip?
There is the "In-band management section" followed by "To configure a FortiSwitch unit to operate in a layer-3 network". It says:
If you configure static discovery, you need to create a static inter-switch link (ISL) trunk and then enable or disable automatic VLAN configuration on the manually created (static) ISL trunk.
Why do I need an ISL trunk? Does it apply to my topology?
Please help, I know FortiGates but I am new to FortiSwitches.
PS: I will have FortiManager as well. In this case I don't know if the FortiSwitches will have to be integrated in FortiGate, and then FortiGate integrated in FortiManager. Or the FortiSwitches will be managed directly with FortiManager without FortiGate.
Regards,
Julián
Hello Julian,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello,
We are still looking for an answer to your question.
We will come back to you ASAP.
Thanks,
Hello fjulianom,
I found this solution. Can you tell me if it helps, please?
The configuration commands for `sw-1` are correct, and similar commands should be used for `sw-2` with the appropriate source IP. On FortiGate, configuring the FortiLink interface with IP 10.10.1.1 and disabling the DHCP server is sufficient. An ISL trunk is not necessary for your topology unless `sw-1` and `sw-2` need to communicate directly. FortiSwitches can be managed directly by FortiManager or through FortiGate, depending on your management strategy.
Do not hesitate if you need further help!
Copyright 2025 Fortinet, Inc. All Rights Reserved.