- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Fortilink (switch - fortigate) over media conv...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortilink (switch - fortigate) over media converter not working ...
Hello, The issue is: why Fortilink cannot be established over a media converter ? What are the limitations ...? Vendors of ""proper"" media-converters ??? I thought that media converter is only a dump converter: from electric signals to optical -so it does not introduce anything in the traffic -> ergo it completely transparent and FolrtiLink shoul (!) works What about config like this Of course : -FG is configured for FortLink on the port that is connected to the media-converter -SFP are proper for the fiber : SFP SM for SM fiber type -Link on BOTH sides are UP and blinking... [F-Gate UTP] <--Cat 5e copper --> [ UTP MediaConverter SFP] <--Fiber --> [SFP FortiSwitch] any magic command from CLI (again...!) on Fgate or Fswitch ????? UPDATE: the SAME Fortinet SFP module plugged from switch to Fluke Analyzer and connected via media-converter to normal (non-fortilink) port in FGate works from the first kick ... WTH ?!?!?!? THA Tezro
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Why can't you just do all fibre or all copper between the gate and the switch?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'd love to, really! but ....
I have a couple of installations where FG-80x is to big (mostly 50x 60x) ... and this is a lowest model with SFP additionally pre-configured as WAN.
I know, I can change this to different port but still
Fortilink over third party devices (switches, wifi-bridges) is not straight-forward solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So, the connection in general works as a normal interface, but it's not activating fortilink?
There's really only a handful of things needed for fortilink... Make sure DHCP server is on the interface, make sure NTP is listening, and make sure the port on the switch has the isl profile applied so it actually attempts to negotiate fortilink. The isl profile isn't always enabled on all ports on the switch, but I would expect it to be enabled on sfps by default.
There are typically 2 lldp profiles on the switch, one labeled default and one labeled default-auto-isl. Only the ports that have the default-auto-isl will have fortilink enabled.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I just had the same problem. Two FortiGates 60F in HA connected to two FSW124E-FPOE for redundancy and this works.
Then when we connect a switch in another room through a fiber (tested) and through media converters, The port on the main room goes up but the switch never connects. If we move that switch to the main room and connect it using a network cable, then the switch comes up no problem. We move it back to the other room and connect it to the fiber again, nothing.. niet.. nada
We will try a different model of media converter as this setup has already been done in another building by another cabling company and everything worked.
Edit: We tried the SFP module that come with the media converters into the FortiSwitches and it worked even if the FortiGate gives a message that the module is not from Fortinet. So the only thing that was removed is the media converter itself.
To make sure we do not have a problem with Fortinet support in the future, we will buy SFP transceivers to connect them in the switches to do the uplink.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Tezro,
The most of the media converters cannot understand vlans (802.1q) and thats why you are having this behaviour.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK ... but ...
I always thought that that media-converters are always dumb L1 devices and they don't care about such complicated things like VLAN from another, far L2 world ...
They receive the electrical signals and change them to optical and vice versa -that's all ...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After finding this topic while having the exact same issue, I saw the response by PYY and looked further into it. After ordering converters that specifically supported VLAN traffic, it's working perfectly. I was using converters from 10Gtek and they were not working. I switched to a converter by AD-net and it worked right away, just like using a regular ethernet cable.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Which model of AD-net worked? I have AD-net as well, states that it works with vlans, but it does not work. Specifically, it's this model - https://www.amazon.com/Multimode-Gigabit-Fiber-Converter-Built/dp/B07DWXXTT9.
BB
BB
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
FortiLink is a proprietary protocol that is used by Fortinet to establish a secure link between FortiGate and FortiSwitch devices. It's designed to work over Ethernet cables or fiber optic cables, and it's not recommended to use media converters between the devices.
Media converters are designed to convert signals from one media type to another, such as from copper to fiber optic or vice versa. While media converters are transparent to the traffic passing through them, they can introduce latency, jitter, and other issues that can cause problems with FortiLink.
Additionally, Fortinet recommends using Fortinet-branded SFP modules in both FortiGate and FortiSwitch devices to ensure optimal performance and compatibility. Using third-party SFP modules can cause issues with FortiLink and other Fortinet features.
If you need to connect FortiGate and FortiSwitch devices over a long distance, it's recommended to use fiber optic cables and repeaters instead of media converters. Fortinet also offers a range of network switches that are designed to work seamlessly with FortiGate devices, such as the FortiSwitch series.
Regarding your updated information, it's possible that the FortiLink protocol is not properly configured on the FortiGate or FortiSwitch devices. You may need to verify the configuration settings on both devices and ensure that the FortiLink protocol is enabled and configured correctly.
I hope this helps! Let me know if you have any further questions.
Thanks & Regards,
Faizal Emam
Faizal Emam
Thanks & Regards,Faizal Emam
Related Posts
- Routing Issue on FortiGate 7.2.8 176 Views
- Use previously created VLANs (internal interface)... 228 Views
- Jumbo frame support on FortiSwitches managed... 223 Views
- Fortigate cloud subscription 223 Views
- Fortiswitch managed by Fortigate, but not... 350 Views
Labels
-
FortiGate
6,454 -
FortiClient
1,290 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
410 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
68 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
DNS
11 -
Interface
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.