I have FG60F and this default fortilink type is FortiLink (802.3ad Aggregate)
With this i can connect only one Fortiswicth and cascade the other switches, but it will cause single point of failure
I need to change the fortilink type to Hardware switch then i can connect the three switches directly to the Fortigate as per the following document
I tried the CLI and Gui and the only option is (802.3ad Aggregate)
Firmware is 7.2.4
Thx
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I would, but I was not the original poster. I just kinda jumped in and we ended up in a related sideline chat.
Haha oh right.. All good!
Hi Abuelkhair,
Connecting one switch to the FortiGate (and adding other switches off it) is the recommended configuration from Fortinet.
You should use a Fortilink LAG group for the connection to the first switch to avoid single points of failure- but obviously with only one FortiGate there is always some risk.
If you connect multiple switches to the FortiGate (and the 60F is an entry level model) you rely on the FortiGate to perform switching between the switches. This is likely to cause performance bottlenecks- even if you can configure a hardware switch.
However, if you do want to change the FortiLink interface to a hardware switch you need to ensure all config is removed from the FortiLink interface. IP addressing, DHCP server, NTP server, firewall policies must all be removed before you can make the changes.
If you look in the interface cofig section of the GUI it will show the number of “references” against the interface. That needs to be 0 before you can make changes.
Hope that helps a little.
Kind Regards,
Just a note for best redundancy you should use MC-LAG switch pairs connected to the FGT with other servers and switches downstream from that using LAGs for redundancy. If your switches do not support MC-LAG you should use the ring/stack topology.
Both of these options allow for one switch to fail and not lose your entire switching fabric.
In the case of having one switch connected to the FGT with a LAG if that switch goes down everything goes with it too.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.