FortiLink through 3rd party L2 switch

AEK · ‎02-04-2024

Hello

The following doc shows that FortiLink is supported is this topology:

FortiGate <---> FortiSwitch <---> 3rd party L2 switch <---> FortiSwitch

https://docs.fortinet.com/document/fortiswitch/7.0.8/devices-managed-by-fortios/801183

My question is more simple: is FortiLink supported in the following case?

FortiGate <---> 3rd party L2 switch <---> FortiSwitch

AEK

AEK · ‎04-23-2025

Hi Miranda and Migelammon

I have this lab:

FortiOS 6.2.16
FortiSwitch OS 7.2.6
Cisco C2960X switch

Diagram is like this:

FGT-----Cisco-----FSW

FGT's FortiLink port connected to Cisco's port1
FSW's FortiLink port connected to Cisco's port2

Configured Cisco port1 an port2 like this:

interface GigabitEthernet0/1
  switchport mode trunk

interface GigabitEthernet0/2
  switchport mode trunk

Result:

FGT detects the FSW, and once authorized I made some test (assign VLANs to FSW ports, plug hosts and test traffic) and every thing seem to work just fine.

Note:

If you don't configure the Cisco switch ports 1 & 2 in trunk mode, then FGT detects FSW, you can authorize it, but nothing else works after that (no traffic between host and FGT).

Hope it helps.

Edit: Even if this works, I don't find it in Fortinet documentation, so it may not be a supported configuration, and probably not a so good idea to use in prod.

AEK

View solution in original post

Bjay_Prakash_Ghising · ‎02-05-2024

Hi @AEK

A simple answer is yes. It is possible to manage FortiSwitch if there is a third-party L2 switch between them.

The last time I attempted such topology was a year ago. Cisco was in between FortiGate and FortiSwitch.

If I remember the configuration correctly.

Then it was easily achievable when there was a single port within the Fortilink. (Considering Cisco in the default configuration).

But when there were two ports inside Fortilink then we had to create LAG (channel-group in my case) between FortiGate and FortiSwitch.

Note that,

- for a single port within the FortiLink. I didn't check the VLAN trunking, just tested whether it could be managed or not. I guess, you might need a trunk port connected between them.

- But for two ports inside Fortilink, we trunked VLAN through port-channel.

Overall, you can manage over a third-party L2 switch. But for precise verification of VLAN trunking traffic flow, I need to test them again.

Hope that helps,

Kind Regards,
Bijay Prakash Ghising

Ghising

AEK · ‎02-20-2024

Thanks Bijay for your detailed response and for sharing your experience.

I'll share the result of my lab once I achieve it successfully.

AEK

amiranda · ‎04-22-2025

@AEK did you make it work???

amanda

migelammon · ‎04-22-2025

@AEK wrote:
Hello
The following doc shows that FortiLink is supported is this topology:
FortiGate <---> FortiSwitch <---> 3rd party L2 switch <---> FortiSwitch
https://docs.fortinet.com/document/fortiswitch/7.0.8/devices-managed-by-fortios-tubidy /801183

My question is more simple: is FortiLink supported in the following case?
FortiGate <---> 3rd party L2 switch <---> FortiSwitch

I have question.. already solved sir?

AEK · ‎04-23-2025