There are two ways to modify the ports of your FortiSwitch using FortiManager.
Option 1: Using device layer configuration. You need to go to CLI Configurations and then select the switch. Once you have made these changes, you can proceed to see the install preview under Install Device Settings (only).
Option 2: FortiSwitch Module. If you are using a FortiSwitch Template, modify the configuration using the template you already have. Once you have made these changes, you can proceed to see the install preview under Install Device Settings (only).
Please consider that Templates have higher priority than Device Layer configuration. If you use a Template, you must update the changes in the Template; otherwise, you don't need to create a template to update your ports. You can do it directly in the device layer configuration.
What is the best way of deploying a standardized switch model and L2 port/VLAN configuration, but location-specific L3 switch port configuration? Switch module templates could work, but DPP as a mode is not supported and I'm unsure if L3 VLAN information would get pushed or only the switch port configuration.
Currently the only way I can see is through a regular CLI script, but the issue there is how to do it without having to edit the switch serial number for every switch (up to 1400 in our case).
Created on 02-07-2022 08:18 AM Edited on 02-07-2022 10:39 AM
If DPP mode is available on FortiGate/FortiSwitch but not on the FortiManager Switch Manager template, we can include it in future firmware versions.
Could you share where you configure DPP on a normal FortiSwitch or FortiGate?
Thanks for the response. Here's an example from my lab.
```
config switch-controller dynamic-port-policy
    edit "wifi"
        set fortilink "fortilink"
        config policy
            edit "Aruba-AP"
                set hw-vendor "Aruba"
                set vlan-policy "wifi"
            next
        end
    next
end
```
and on the switchport
```
edit "port4"
    set access-mode dynamic
    set port-policy "wifi"
```
Thanks for sharing; this helped me find an already reported bug, 0772396 "FMG missing fortiswitch dynamic policy GUI support."
I would recommend that you open a support ticket so that we can add your ticket to the reported bug. There is no fix confirmed, but opening the ticket will help to register cases with the problem. Regards!
I have received confirmation that central dynamic port policy is part of a FortiSwitch project to support NAC policy, which will be available in FortiManager 7.2.0.
Regards!
Again, thanks for the response. Useful to know that it's a bug rather than a missing feature. I'll go ahead and open a ticket as suggested.
Whilst we can work around pushing FSW port configurations via CLI script, it would be much more user-friendly to be able to do it via an FSW template.
Just FYI, we asked for the hardware vendor device pattern to be added to DPP policies so we could add VLAN policies to them. I think it took 2 weeks and we had an interim build for testing, and now it's included in 7.0.4 GA. Really great response from Fortinet; the end customer was very impressed.
Copyright 2024 Fortinet, Inc. All Rights Reserved.