ABUELKHAIR
New Contributor III

I need to change the FortiLink to Hardware type

I have an FG60F and its default FortiLink type is FortiLink (802.3ad Aggregate).

With this I can connect only one FortiSwitch and cascade the other switches, but it will cause a single point of failure.

I need to change the FortiLink type to Hardware switch; then I can connect the three switches directly to the FortiGate as per the following document:

 https://docs.fortinet.com/document/fortiswitch/7.2.4/fortilink-guide/801202/single-fortigate-unit-ma...

 

I tried the CLI and GUI and the only option is (802.3ad Aggregate).

Firmware is 7.2.4

Thx

 

13 REPLIES
Brent-BITSLLC

I would, but I was not the original poster.  I just kinda jumped in and we ended up in a related sideline chat. 

gfleming

Haha oh right.. All good!

Cheers,
Graham
AndyNZ
New Contributor III

Hi Abuelkhair,

 

Connecting one switch to the FortiGate (and adding other switches off it) is the recommended configuration from Fortinet. 

You should use a FortiLink LAG group for the connection to the first switch to avoid single points of failure, but obviously with only one FortiGate there is always some risk.

If you connect multiple switches to the FortiGate (and the 60F is an entry level model) you rely on the FortiGate to perform switching between the switches. This is likely to cause performance bottlenecks, even if you can configure a hardware switch.

However, if you do want to change the FortiLink interface to a hardware switch you need to ensure all config is removed from the FortiLink interface. IP addressing, DHCP server, NTP server, firewall policies must all be removed before you can make the changes.

If you look in the interface config section of the GUI it will show the number of "references" against the interface. That needs to be 0 before you can make changes.

Hope that helps a little. 

Kind Regards,

 

Andy Bailey, Christchurch, New Zealand
gfleming

Just a note: for best redundancy you should use MC-LAG switch pairs connected to the FGT, with other servers and switches downstream from that using LAGs for redundancy. If your switches do not support MC-LAG you should use the ring/stack topology.

Both of these options allow for one switch to fail and not lose your entire switching fabric.

In the case of having one switch connected to the FGT with a LAG, if that switch goes down everything goes with it too.

 

Cheers,
Graham