I want to configure FortiLink over a point-to-point layer-2 network for connection to FortiGate Firewall and Cisco BB (Backbone). I need to connect FortiSwitch via Cisco BB. I request support on how I can perform this configuration.
The environment has: FortiGate > Cisco BB > FortiSwitch
Hello @Gumo ,
If you want to manage your FortiSwitch via FortiGate, you just need to configure 4094 vlan on the Cisco switch. FortiSwitch uses 4094 vlan for management and tunnel. After that configuration, FortiGate can discover FortiSwitch and manage it.
Also, there are different options. For these options, you can review these documents.
I cannot pass 4094 vlan through the switch, I think I will have to change to Fortilink 4094 vlan.
Hello @Gumo ,
This is another option. You can change FortiSwitch management vlan.
Is it enough to change it under the interface on the Fortigate firewall?
set switch-controller-mgmt-vlan 3500
Created on 07-12-2024 01:03 AM Edited on 07-12-2024 01:07 AM
Hello @Gumo ,
You also need to change the p2p native vlan settings on Fortiswitch.
config switch global
set fortilink-p2p-native-vlan 3500
end
And also you can review this document about that.
Thank you for your valuable information @ozkanaltas
Thank you.
The settings I made on FortiGate Firewall and Switch are as follows. The switch receives IP through the firewall. Status remains down.
Fortigate Firewall
config system interface
edit "fortilink"
set vdom "root"
set fortilink enable
set ip 10.255.1.1 255.255.255.0
set allowaccess ping fabric
set type aggregate
set switch-controller-mgmt-vlan 4094
set member "x1" "x2"
set alias "LAG"
set lldp-reception enable
set lldp-transmission enable
set lldp-network-policy "1"
set snmp-index 23
next
end
Forti switch
config switch global
set fortilink-p2p-native-vlan 3500
end
config switch vlan
edit 10
next
edit 11
next
edit 3500
next
end
config switch physical-port
edit port27,port28
set fortilink-p2p enable
next
end
config switch trunk
edit "LAG1"
set mode lacp-active
set members "port27" "port28"
next
end
config switch interface
edit "LAG1"
set native-vlans 3500
set allowed-vlans 10,11,3500
set snmp-index 31
next
end
Cisco Switch
interface port-channel2
switchport mode trunk
switchport trunk allowed vlan 11,10
switchport trunk native vlan 3500
interface eth 1/1-1/2
switchport
switchport mode trunk
channel-group 2 mode active
no shutdown
Hello @Gumo ,
Can you change the management vlan configuration on the FortiGate side?
config system interface
edit "fortilink"
set switch-controller-mgmt-vlan 4094
end
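When the FortiLink management VLAN is moved off the default, the same VLAN number has to appear in four places: the FortiGate `switch-controller-mgmt-vlan`, the FortiSwitch `fortilink-p2p-native-vlan`, the native VLAN of the FortiSwitch trunk, and the native VLAN of the Cisco trunk in between (and, on Cisco, the native VLAN also has to be present in the `switchport trunk allowed vlan` list, otherwise untagged frames on that trunk are dropped). The script below is an added example, not code from the thread or from Fortinet or Cisco: it parses three configuration snippets in the shape of the ones posted above and reports any VLAN that does not line up. The configuration text inside it is constructed for illustration; the "status down" symptom in the thread is not diagnosed here, the script only surfaces the mismatches a reviewer would look at first.

```python
import re

# Constructed sample configs (not the thread author's exact text) in the
# shape of the three snippets posted in the thread: FortiGate, FortiSwitch, Cisco.
FORTIGATE_CFG = """\
config system interface
    edit "fortilink"
        set fortilink enable
        set switch-controller-mgmt-vlan 4094
        set member "x1" "x2"
    next
end
"""

FORTISWITCH_CFG = """\
config switch global
    set fortilink-p2p-native-vlan 3500
end
config switch interface
    edit "LAG1"
        set native-vlans 3500
        set allowed-vlans 10,11,3500
    next
end
"""

CISCO_CFG = """\
interface port-channel2
  switchport mode trunk
  switchport trunk allowed vlan 11,10
  switchport trunk native vlan 3500
"""


def _int_after(pattern, text):
    """Return the integer captured by the first match of `pattern`, or None."""
    m = re.search(pattern, text, re.MULTILINE)
    return int(m.group(1)) if m else None


def _vlan_list(pattern, text):
    """Expand a VLAN list such as '10,11,3500' or '10-12,3500' into a set of ints."""
    m = re.search(pattern, text, re.MULTILINE)
    vlans = set()
    if not m:
        return vlans
    for part in m.group(1).split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-"))
            vlans.update(range(lo, hi + 1))
        elif part:
            vlans.add(int(part))
    return vlans


def check_fortilink_vlans(fgt_cfg, fsw_cfg, cisco_cfg):
    """Return a list of mismatch descriptions; an empty list means consistent."""
    mgmt = _int_after(r"^\s*set switch-controller-mgmt-vlan (\d+)", fgt_cfg)
    p2p = _int_after(r"^\s*set fortilink-p2p-native-vlan (\d+)", fsw_cfg)
    fsw_native = _int_after(r"^\s*set native-vlans (\d+)", fsw_cfg)
    fsw_allowed = _vlan_list(r"^\s*set allowed-vlans ([\d,\-]+)", fsw_cfg)
    cisco_native = _int_after(r"^\s*switchport trunk native vlan (\d+)", cisco_cfg)
    cisco_allowed = _vlan_list(r"^\s*switchport trunk allowed vlan ([\d,\-]+)", cisco_cfg)

    findings = []
    if None in (mgmt, p2p, fsw_native, cisco_native):
        findings.append("could not locate one of the VLAN settings; check the input")
        return findings
    if mgmt != p2p:
        findings.append(f"FortiGate mgmt VLAN {mgmt} != FortiSwitch p2p native VLAN {p2p}")
    if fsw_native != p2p:
        findings.append(f"FortiSwitch trunk native VLAN {fsw_native} != p2p native VLAN {p2p}")
    if p2p not in fsw_allowed:
        findings.append(f"FortiSwitch allowed-vlans {sorted(fsw_allowed)} omits VLAN {p2p}")
    if cisco_native != p2p:
        findings.append(f"Cisco trunk native VLAN {cisco_native} != p2p native VLAN {p2p}")
    if cisco_allowed and p2p not in cisco_allowed:
        # On Cisco trunks the native VLAN must be in the allowed list, or its
        # untagged frames are dropped on that trunk.
        findings.append(f"Cisco allowed list {sorted(cisco_allowed)} omits native VLAN {p2p}")
    return findings


if __name__ == "__main__":
    for line in check_fortilink_vlans(FORTIGATE_CFG, FORTISWITCH_CFG, CISCO_CFG):
        print("MISMATCH:", line)
```

Run against the constructed sample, the checker reports two mismatches: the FortiGate management VLAN still says 4094 while the FortiSwitch p2p native VLAN is 3500, and the Cisco trunk's allowed list does not include the 3500 native VLAN. Changing those two lines and re-running produces no findings.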