Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Re: Fortilink (switch - fortigate) over media conv...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortilink (switch - fortigate) over media converter not working ...
Hello, The issue is: why Fortilink cannot be established over a media converter ? What are the limitations ...? Vendors of ""proper"" media-converters ??? I thought that media converter is only a dump converter: from electric signals to optical -so it does not introduce anything in the traffic -> ergo it completely transparent and FolrtiLink shoul (!) works What about config like this Of course : -FG is configured for FortLink on the port that is connected to the media-converter -SFP are proper for the fiber : SFP SM for SM fiber type -Link on BOTH sides are UP and blinking... [F-Gate UTP] <--Cat 5e copper --> [ UTP MediaConverter SFP] <--Fiber --> [SFP FortiSwitch] any magic command from CLI (again...!) on Fgate or Fswitch ????? UPDATE: the SAME Fortinet SFP module plugged from switch to Fluke Analyzer and connected via media-converter to normal (non-fortilink) port in FGate works from the first kick ... WTH ?!?!?!? THA Tezro
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why can't you just do all fibre or all copper between the gate and the switch?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'd love to, really! but ....
I have a couple of installations where FG-80x is to big (mostly 50x 60x) ... and this is a lowest model with SFP additionally pre-configured as WAN.
I know, I can change this to different port but still
Fortilink over third party devices (switches, wifi-bridges) is not straight-forward solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So, the connection in general works as a normal interface, but it's not activating fortilink?
There's really only a handful of things needed for fortilink... Make sure DHCP server is on the interface, make sure NTP is listening, and make sure the port on the switch has the isl profile applied so it actually attempts to negotiate fortilink. The isl profile isn't always enabled on all ports on the switch, but I would expect it to be enabled on sfps by default.
There are typically 2 lldp profiles on the switch, one labeled default and one labeled default-auto-isl. Only the ports that have the default-auto-isl will have fortilink enabled.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just had the same problem. Two FortiGates 60F in HA connected to two FSW124E-FPOE for redundancy and this works.
Then when we connect a switch in another room through a fiber (tested) and through media converters, The port on the main room goes up but the switch never connects. If we move that switch to the main room and connect it using a network cable, then the switch comes up no problem. We move it back to the other room and connect it to the fiber again, nothing.. niet.. nada
We will try a different model of media converter as this setup has already been done in another building by another cabling company and everything worked.
Edit: We tried the SFP module that come with the media converters into the FortiSwitches and it worked even if the FortiGate gives a message that the module is not from Fortinet. So the only thing that was removed is the media converter itself.
To make sure we do not have a problem with Fortinet support in the future, we will buy SFP transceivers to connect them in the switches to do the uplink.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Tezro,
The most of the media converters cannot understand vlans (802.1q) and thats why you are having this behaviour.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK ... but ...
I always thought that that media-converters are always dumb L1 devices and they don't care about such complicated things like VLAN from another, far L2 world ...
They receive the electrical signals and change them to optical and vice versa -that's all ...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After finding this topic while having the exact same issue, I saw the response by PYY and looked further into it. After ordering converters that specifically supported VLAN traffic, it's working perfectly. I was using converters from 10Gtek and they were not working. I switched to a converter by AD-net and it worked right away, just like using a regular ethernet cable.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Which model of AD-net worked? I have AD-net as well, states that it works with vlans, but it does not work. Specifically, it's this model - https://www.amazon.com/Multimode-Gigabit-Fiber-Converter-Built/dp/B07DWXXTT9.
BB
BB
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
FortiLink is a proprietary protocol that is used by Fortinet to establish a secure link between FortiGate and FortiSwitch devices. It's designed to work over Ethernet cables or fiber optic cables, and it's not recommended to use media converters between the devices.
Media converters are designed to convert signals from one media type to another, such as from copper to fiber optic or vice versa. While media converters are transparent to the traffic passing through them, they can introduce latency, jitter, and other issues that can cause problems with FortiLink.
Additionally, Fortinet recommends using Fortinet-branded SFP modules in both FortiGate and FortiSwitch devices to ensure optimal performance and compatibility. Using third-party SFP modules can cause issues with FortiLink and other Fortinet features.
If you need to connect FortiGate and FortiSwitch devices over a long distance, it's recommended to use fiber optic cables and repeaters instead of media converters. Fortinet also offers a range of network switches that are designed to work seamlessly with FortiGate devices, such as the FortiSwitch series.
Regarding your updated information, it's possible that the FortiLink protocol is not properly configured on the FortiGate or FortiSwitch devices. You may need to verify the configuration settings on both devices and ensure that the FortiLink protocol is enabled and configured correctly.
I hope this helps! Let me know if you have any further questions.
Thanks & Regards,
Faizal Emam
Faizal Emam
Thanks & Regards,Faizal Emam
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,721 -
FortiClient
1,768 -
5.2
801 -
FortiManager
732 -
5.4
639 -
FortiAnalyzer
560 -
FortiSwitch
476 -
FortiAP
473 -
FortiClient EMS
435 -
6.0
416 -
5.6
362 -
FortiMail
319 -
6.2
251 -
SSL-VPN
246 -
FortiAuthenticator v5.5
234 -
IPsec
210 -
Fortiweb
205 -
5.0
196 -
FortiNAC
190 -
FortiGuard
139 -
6.4
128 -
SD-WAN
115 -
FortiAuthenticator
104 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
97 -
FortiToken
92 -
Firewall policy
83 -
Customer Service
80 -
Wireless Controller
79 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
FortiADC
54 -
Fortivoice
53 -
FortiEDR
52 -
vlan
51 -
ZTNA
49 -
Routing
47 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
43 -
FortiDNS
42 -
LDAP
42 -
BGP
40 -
Authentication
38 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
Certificate
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
SSO
33 -
Interface
31 -
FortiConnect
30 -
VDOM
30 -
FortiLink
29 -
FortiWAN
27 -
Web profile
27 -
Application control
26 -
FortiConverter
25 -
Logging
25 -
Virtual IP
25 -
FortiGate v5.2
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiGate-VM
16 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
SSID
15 -
Automation
15 -
FortiGate v5.0
14 -
FortiSoar
14 -
Static route
14 -
System settings
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
SNMP
13 -
FortiCASB
12 -
Admin
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
Proxy policy
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
Web rating
6 -
API
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1720 | |
| 1093 | |
| 752 | |
| 447 | |
| 234 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.