How would I create a FortiLink connection when having two FortiSwitches in an HA setup? Below is a topology diagram of my setup, not sure if I can use the WAN ports for FortiLink (obviously cannot add them to the aggregate now) but if I should have during the setup. My next thought is to set up a separate port on the FG for FortiLink and then use another port on the FortiSwitch, but my question is will the switch recognize this as a FortiLink connection or will I need to set up a VLAN? Currently the switches are in layer 2 mode with no configs, just passing WAN traffic to both FGs.
What model FortiSwitches and what model FortiGates?
First thought, it might make more sense to keep these FortiSwitches as standalone and not FortiLink-managed, since they are apparently being used as just WAN edge switches.
Alternatively you can achieve what you want to do using FortiGate (depending on which model you have) without the use of FortiSwitches in front: https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/183531/virtual-vlan-switch
If you want to go FortiLink managed, probably the best thing to do is just create a VLAN under the FortiLink interface for each ISP. Use those VLANs as your WAN interfaces.
FG models range from 40f to 101f and FS model is 108f. I believe I will stick with a standalone setup for that reason, not doing anything else other than sending WAN to both FGs. Unfortunately, our ISPs were not willing to set up a second port for us to set up similar to that document.
Thank you for the response.
Hello,
The provided solution above is the preferred one, keeping the FortiSwitches in standalone mode.
But if you would like to have them managed by FortiGate, here is a second option that would work.
FortiLink is the management interface between the FortiGate and FortiSwitch. In aggregate mode we need to have an ICL link between the switches (they should be connected together so a trunk will be automatically created). To create the FortiLink interface:
Use WiFi & Switch Controller > FortiLink Interface to create or edit FortiLink interfaces. The available options depend on the capability of the FortiGate model. Please check the below KB:
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/396635/fortilink-setup
Kindly add WAN1 and WAN2 as members to the FortiLink interface. You should now be able to authorize the switches and have them connected and managed by the FortiGate.
Then create two VLANs under it to each ISP. For instance, Vlan10 for ISP1 with all the needed configuration (IP address, VLAN ID) and Vlan20 for ISP2 the same way.
The VLANs should be assigned to port1, port2 and port3 accordingly.
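
The steps in the reply above, written out as a FortiOS CLI sketch. This is an added example, not configuration from the poster or from Fortinet documentation. The interface name `fortilink`, the serial-number placeholders, the 203.0.113.0/198.51.100.0 documentation addresses, and the assumption that `port1` on each switch faces the ISP are all constructed for illustration.

```fortios
# FortiLink aggregate with the two WAN ports as members (assumes the
# FortiGate model supports an aggregate FortiLink interface).
config system interface
    edit "fortilink"
        set vdom "root"
        set fortilink enable
        set type aggregate
        set member "wan1" "wan2"
    next
    # One VLAN per ISP under the FortiLink interface; these become the WAN
    # interfaces. Addresses are placeholders from documentation ranges.
    edit "Vlan10"
        set vdom "root"
        set interface "fortilink"
        set vlanid 10
        set ip 203.0.113.2 255.255.255.252
        # Internet-facing: keep management access off, ping only.
        set allowaccess ping
    next
    edit "Vlan20"
        set vdom "root"
        set interface "fortilink"
        set vlanid 20
        set ip 198.51.100.2 255.255.255.252
        set allowaccess ping
    next
end

# After authorizing the switches, set the ISP-facing port (assumed port1)
# on each switch to the matching VLAN. Serial numbers are placeholders.
config switch-controller managed-switch
    edit "<FSW-1-SERIAL>"
        config ports
            edit "port1"
                set vlan "Vlan10"
            next
        end
    next
    edit "<FSW-2-SERIAL>"
        config ports
            edit "port1"
                set vlan "Vlan20"
            next
        end
    next
end
```

Because the ISP VLANs terminate directly on the FortiGate, check that each one carries only the `allowaccess` protocols you intend to expose to the internet and that firewall policies reference `Vlan10`/`Vlan20` rather than the physical WAN ports.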