FortiLink over Physical ports

Dev82 · ‎03-01-2024

What is the recommended setup for establishing a FortiLink connection between two FortiSwitches and two Fortigates in a high availability (HA -600E) setup ?

ISP 1 connects to Fortiswitch 1 and ISP 2 connects to Fortiswitch 2, both Fortiswitches are standalone switches. (No MCLAG between switches)
FGT Port 1 connects to Fortiswitch 1 and FGT Port 2 connects to Fortiswitch 2.
Created vlan interfaces for each ISPs(ISP 1 - Vlan 10 & ISP 2 - Vlan 20)

How do I add Fortilink between Fortiswitch and Fortigate ?

AEK · ‎03-02-2024

I think here is what you need.

https://docs.fortinet.com/document/fortiswitch/7.4.2/fortilink-guide/801202/single-fortigate-unit-ma...

The example on the document is for standalone FG but I think should be applicable to FG A-P HA as well.

AEK

Dev82 · ‎03-02-2024

@AEK, Both FGTs(600E) have aggregate bandwidth of 1G, Fortinet don't recommend Fortlink on hardware switch according to the above link(except can be used as alternative for high availability to use with entry level FGT models)

hbac · ‎03-02-2024

Hi @Dev82,

You can add port1 and port2 to an aggregate interface and enable fortilink on that interface. "fortilink-split-interface" should be enabled. FortiSwitches should be connected to each other for ISL.

config system interface

edit <>

set fortilink enable

end

You can also use a hardware switch: https://docs.fortinet.com/document/fortiswitch/7.0.8/devices-managed-by-fortios/801187/ha-mode-forti...

Regards,

Dev82 · ‎03-02-2024

@hbac Fortiswitches have not connected directly, both ports from switches need to enabled(unable to enable fortilink-split-interface) since FGT use both ISP links as the SDWAN member interfaces.

FortiLink over Physical ports

Nominate a Forum Post for Knowledge Article Creation