AEK
SuperUser

FortiLink through 3rd party L2 switch

Hello

The following doc shows that FortiLink is supported in this topology:

FortiGate <---> FortiSwitch <---> 3rd party L2 switch <---> FortiSwitch

https://docs.fortinet.com/document/fortiswitch/7.0.8/devices-managed-by-fortios/801183

 

My question is simpler: is FortiLink supported in the following case?

FortiGate <---> 3rd party L2 switch <---> FortiSwitch

AEK
1 Solution
AEK
SuperUser

Hi Miranda and Migelammon

 

I have this lab:

  • FortiOS 6.2.16
  • FortiSwitch OS 7.2.6
  • Cisco C2960X switch

Diagram is like this:

FGT-----Cisco-----FSW

 

  • FGT's FortiLink port connected to Cisco's port1
  • FSW's FortiLink port connected to Cisco's port2

 

Configured Cisco port1 and port2 like this:

interface GigabitEthernet0/1
 switchport mode trunk

interface GigabitEthernet0/2
 switchport mode trunk

 

Result:

FGT detects the FSW, and once authorized I made some tests (assign VLANs to FSW ports, plug hosts and test traffic) and everything seems to work just fine.

 

Note:

If you don't configure the Cisco switch ports 1 & 2 in trunk mode, then FGT detects FSW, you can authorize it, but nothing else works after that (no traffic between host and FGT).

 

Hope it helps.

 

Edit: Even if this works, I don't find it in Fortinet documentation, so it may not be a supported configuration, and probably not such a good idea to use in prod.

AEK
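
An added example, not part of AEK's post and not Fortinet or Cisco tooling: a small Python check that reads a saved Cisco running-config and reports any port on the FGT-Cisco-FSW path that is not statically set to `switchport mode trunk`, the condition the note in the post describes. The sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample of a saved Cisco IOS running-config (not from the post's lab).
# Gi0/1 and Gi0/2 mirror the post; Gi0/3 and Gi0/4 show the failing cases.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/4
 description no-mode-line
!
"""

def parse_interfaces(config):
    """Map interface name -> list of sub-commands (indented or flat-pasted)."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif not line or line == "!":
            current = None  # a blank line or "!" closes the stanza
        elif current is not None:
            current.append(line)
    return interfaces

def check_fortilink_path(config, ports):
    """Return {port: problem} for each transit port not statically set to trunk."""
    interfaces = parse_interfaces(config)
    problems = {}
    for port in ports:
        if port not in interfaces:
            problems[port] = "missing from config"
            continue
        modes = [c.split()[2] for c in interfaces[port]
                 if re.match(r"switchport mode \S+", c)]
        mode = modes[-1] if modes else "unset"  # unset = platform default applies
        if mode != "trunk":
            problems[port] = f"mode is {mode}, expected trunk"
    return problems

print(check_fortilink_path(SAMPLE_CONFIG, ["GigabitEthernet0/3", "GigabitEthernet0/4"]))
```
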

5 Replies
Bjay_Prakash_Ghising
Contributor

Hi @AEK  


A simple answer is yes. It is possible to manage FortiSwitch if there is a third-party L2 switch between them. 

 

The last time I attempted such a topology was a year ago. Cisco was in between FortiGate and FortiSwitch.

 

If I remember the configuration correctly, it was easily achievable when there was a single port within the FortiLink (considering Cisco in the default configuration).

But when there were two ports inside the FortiLink, we had to create a LAG (channel-group in my case) between FortiGate and FortiSwitch.

 

Note that:

- For a single port within the FortiLink, I didn't check the VLAN trunking; I just tested whether it could be managed or not. I guess you might need a trunk port connected between them.

- But for two ports inside the FortiLink, we trunked the VLANs through the port-channel.

 

Overall, you can manage over a third-party L2 switch. But for precise verification of VLAN trunking traffic flow, I need to test them again.


Hope that helps,


Kind Regards,
Bijay Prakash Ghising

 

AEK

Thanks Bijay for your detailed response and for sharing your experience.

I'll share the result of my lab once I achieve it successfully.

AEK
amiranda
Staff

@AEK  did you make it work???

amanda
migelammon
New Contributor


@AEK wrote:

Hello

The following doc shows that FortiLink is supported in this topology:

FortiGate <---> FortiSwitch <---> 3rd party L2 switch <---> FortiSwitch

https://docs.fortinet.com/document/fortiswitch/7.0.8/devices-managed-by-fortios-tubidy/801183

 

My question is simpler: is FortiLink supported in the following case?

FortiGate <---> 3rd party L2 switch <---> FortiSwitch


I have a question... already solved, sir?
