Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer 2024 badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDB
- FortiDDoS
- FortiDNS
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiToken
- FortiTester
- FortiWAN
- FortiVoice
- FortiWeb
- FortiWebCloud
- RMA Information and Announcements
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Fortilink 3rd Party Switch L2
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortilink 3rd Party Switch L2
I want to configure FortiLink over a point-to-point layer-2 network for connection to FortiGate Firewall and Cisco BB (Backbone). I need to connect FortiSwitch via Cisco BB. I'request support on how I can perform this configuration.
The environment have: Fortigate > Cisco BB > FortiSwitch
Labels:
- Labels:
-
FortiLink
-
FortiSwitch
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Gumo ,
If you want to manage your FortiSwitch via FortiGate, you just need to configure 4094 vlan on the Cisco switch. FortiSwitch uses 4094 vlan for management and tunnel. After that configuration, FortiGate can discover FortiSwitch and manage it.
Also, there are different options. For these options, you can review these documents.
If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it
easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I cannot pass 4094 vlan through the switch, I think I will have to change to Fortilink 4094 vlan.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Gumo ,
This is another option. You can change FortiSwitch management vlan.
If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it
easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is it enough to change it under the interface on the Fortigate firewall?
set switch-controller-mgmt-vlan 3500
Created on 07-12-2024 01:03 AM Edited on 07-12-2024 01:07 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Gumo ,
You also need to change the p2p native vlan settings on Fortiswitch.
config switch global
set fortilink-p2p-native-vlan 3500
end
And also you can review this document about that.
If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it
easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your valuable information @ozkanaltas
Teşekkürler.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The settings I made on Fortigate Firewall and Switch are as follows. The switch receives IP through the firewall. Satus remains down.
Fortigate Firewall
Firewall
config system interface
edit "fortilink"
set vdom "root"
set fortilink enable
set ip 10.255.1.1 255.255.255.0
set allowaccess ping fabric
set type aggregate
set switch-controller-mgmt-vlan 4094
set member "x1" "x2"
set alias "LAG"
set lldp-reception enable
set lldp-transmission enable
set lldp-network-policy "1"
set snmp-index 23
Forti switch
Forti switch
config switch global
set fortilink-p2p-native-vlan 3500
end
config switch vlan
edit 10
next
edit 11
next
edit 3500
next
end
config switch physical-port
edit port27,port28
set fortilink-p2p enable
next
config switch trunk
edit "LAG1"
set mode lacp-active
set members "port27" "port28
config switch interface
edit "LAG1"
set native-vlans 3500
set allowed-vlans 10,11,3500
set snmp-index 31
next
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cisco Switch
Cisco Switch
interface port-channel2
switchport mode trunk
switchport trunk allowed vlan 11,10
switchport trunk native vlan 3500
interface eth 1/1-1/2
switchport
switchport mode trunk
channel-group 2 mode active
no shutdown
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Gumo ,
Can you change the management vlan configuration on the FortiGate side?
config system interface
edit "fortilink"
set switch-controller-mgmt-vlan 4094
end
If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it
easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- FortiSwitch Interface 129 Views
- FortiClient EMS without Domain / Azure... 350 Views
- FortiAP on Bridge Mode with Third-Party... 226 Views
- CHANGED SUBNET FROM LAN TO WAN 269 Views
Labels
-
FortiGate
7,552 -
FortiClient
1,489 -
5.2
801 -
FortiManager
644 -
5.4
639 -
FortiAnalyzer
488 -
6.0
416 -
FortiAP
391 -
FortiSwitch
388 -
5.6
362 -
FortiClient EMS
321 -
FortiMail
289 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
182 -
FortiNAC
140 -
SSL-VPN
137 -
IPsec
129 -
6.4
128 -
FortiGuard
122 -
FortiGateCloud
98 -
FortiCloud Products
93 -
FortiSIEM
91 -
FortiToken
80 -
Customer Service
73 -
Wireless Controller
69 -
SD-WAN
67 -
4.0MR3
64 -
FortiProxy
54 -
FortiEDR
48 -
FortiADC
48 -
FortiAuthenticator
47 -
Fortivoice
46 -
FortiDNS
43 -
Firewall policy
43 -
FortiSandbox
39 -
FortiExtender
39 -
VLAN
37 -
FortiGate v5.4
36 -
High Availability
35 -
FortiSwitch v6.4
32 -
LDAP
29 -
DNS
28 -
BGP
27 -
FortiConnect
26 -
ZTNA
26 -
FortiGate v5.2
25 -
FortiWAN
24 -
Routing
24 -
FortiConverter
23 -
SAML
23 -
Interface
23 -
Authentication
22 -
Certificate
22 -
NAT
21 -
FortiSwitch v6.2
20 -
VDOM
19 -
FortiLink
19 -
FortiPortal
18 -
RADIUS
16 -
Logging
16 -
FortiMonitor
16 -
Virtual IP
16 -
Web profile
16 -
FortiGate v5.0
15 -
SSO
15 -
Application control
15 -
SSL SSH inspection
15 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Traffic shaping
14 -
FortiManager v5.0
13 -
FortiCASB
12 -
IP address management - IPAM
11 -
FortiSOAR
10 -
FortiRecorder
10 -
SSID
10 -
Static route
10 -
FortiAP profile
10 -
WAN optimization
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiManager v4.0
9 -
FortiAnalyzer v5.0
9 -
FortiWeb v5.0
9 -
SNMP
9 -
RMA Information and Announcements
9 -
OSPF
9 -
FortiBridge
8 -
Admin
8 -
Security profile
8 -
Proxy policy
8 -
Web application firewall profile
8 -
4.0
7 -
FortiCache
7 -
Automation
7 -
trunk
6 -
Packet capture
6 -
FortiPAM
6 -
IPS signature
6 -
Antivirus profile
6 -
Traffic shaping policy
6 -
System settings
6 -
Intrusion prevention
6 -
FortiCarrier
5 -
FortiDirector
5 -
DNS Filter
5 -
FortiTester
5 -
Users
5 -
Port policy
5 -
Fortinet Engage Partner Program
5 -
3.6
4 -
FortiDeceptor
4 -
FortiToken Cloud
4 -
FortiScan
4 -
Explicit proxy
4 -
Traffic shaping profile
4 -
Application signature
4 -
DLP sensor
4 -
DoS policy
4 -
Web rating
4 -
FortiInsight
3 -
FortiDB
3 -
FortiCWP
3 -
FortiHypervisor
3 -
NAC policy
3 -
Authentication rule and scheme
3 -
DLP Dictionary
3 -
DLP profile
3 -
Email filter profile
3 -
Fabric connector
3 -
File filter
3 -
Multicast routing
3 -
FortiAI
2 -
FortiNDR
2 -
Internet service database
2 -
Netflow
2 -
Protocol option
2 -
Replacement messages
2 -
Schedule
2 -
Service
2 -
VoIP profile
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
Kerberos
1 -
RIP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
TACACS
1 -
SDN connector
1 -
Multicast policy
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.