GiGi
New Contributor II

Fortilink across L3 (FG-FSW only)

Hello everyone,

I'm new on this forum and a rookie in networking/Fortinet :)

I have a question regarding my topology with Fortilink:

[Image: FW-SW topology.png]

I have multiple VLANs across the switches and the Fortigate is managing all the switches.

At this moment, all the internal traffic is going through the Fortigate and I'd like to change that.

I have seen that with the "Advanced license", I could set up the SW1 as L3.

My questions are:

- If I put the SW1 in standalone mode to perform as L3, can I still have all the other switches managed by the Fortigate as it is right now?

- If yes, all the internal traffic would be performed by the SW1 even if the other switches are managed by the Fortigate?

I'm all ears if there is/are other solutions.

About the config/firmware: All the links are in auto-mode / FG and FSW firmware is 7.0.1 (GA).

Thanks in advance,

GiGi.


1 Solution
sachitdas_FTNT

Hi,

The design should work. We can disable FortiLink discovery on the switch, and on the FGT we can disable FortiLink discovery for the switch.

SW1 will act as a router/DHCP server, and the other switches will be on a different network and can come online on the FGT using FortiLink over L3.

However, there are some limitations of L3 FortiLink; please refer to https://docs.fortinet.com/document/fortiswitch/7.0.4/devices-managed-by-fortios/801182/fortilink-mod...

Also, this may not be required, but I wanted to raise this point: if the switch is doing routing functions, then depending on the network load, you may have to consider higher-end switches (1xxx series). https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiSwitch_Data_Center_Series.pdf

Regards,
Sachit Das
ETAC Engineer
Wifi-Switching – International Support

GiGi
New Contributor II

Hello Sachit Das,

Thanks for your reply.

I'll try to make this work then :)

Regards,

GiGi.