M_M_SW
Contributor

Is FortiLink so hard to use?

There is a paragraph in the FortiOS 6.0 Handbook saying how the FortiSwitch is connected.

"The FortiGate unit manages all of the switches through one active FortiLink. The FortiLink can consist of one port or multiple ports (for a LAG)."

 

 

What? Did I see something wrong? Only through the one FortiLink?

 

I have so many FortiGate interfaces, like DMZ and LAN, to connect to different switches.

But if you use FortiLink, your FortiGate can only connect directly to one switch, which then branches to another switch.

You cannot have DMZ connect to one and LAN connect to another.

 

This does not work in a real network structure.

Does anyone else have this kind of trouble?

How can it be solved?

 

Thanks for your help.

phrancie
New Contributor

There are many ways to configure FortiSwitch through the FortiGate with FortiLink.  Your DMZ, WAN or LAN interfaces are not wasted when using FortiLink but it depends on what you're looking to accomplish.

 

The first thing I'll start by saying is as of FortiOS 5.6, you can configure multiple FortiLink interfaces on the FortiGate.  Refer to the FortiSwitch Devices Managed by FortiOS 5.6.3 guide on the Docs website and on page 61 you'll find the following information:

 

Enable multiple FortiLink interfaces

NOTE: Only the first FortiLink interface has GUI support.

Use the following command to enable or disable multiple FortiLink interfaces:

config switch-controller global
  set allow-multiple-interfaces {enable | disable}
end

 

Regardless of whether you enable multiple FortiLink interfaces or not, you can still use multiple physical ports in your single FortiLink configuration; it just depends on the interface type you have configured.  If you leave the interface in Hardware Switch mode with multiple physical ports selected and set the entire segment as Dedicated to FortiLink, you can then connect multiple FortiSwitch devices directly into the FortiGate.  You can also configure multiple physical ports on the FortiGate into an 802.3ad Aggregate interface, allowing you to leverage LACP with active-passive or active-active failover to multiple distribution or access layer switches.

 

If I were to argue, which I try not to do, I would challenge your requirement on needing interfaces directly labeled as WAN, DMZ or even LAN on the FortiGate.  If you're leveraging VLANs across your network, you could just as easily create WAN, DMZ and LAN VLANs and connect your devices into your switches without needing specially labeled ports on the FortiGate.  Starting at the FortiGate 200E, these interfaces aren't identified anyhow and every port is simply labeled port1 through port16.

M_M_SW

First of all, thanks to phrancie for your response.

But I have to say that this is not the solution I was expecting.

I hope that one day Fortinet will allow multiple interfaces, multiple FortiLinks to show on the GUI.

That will be a good way to facilitate user management.

 

If FortiSwitch claims to be flexible and easy to deploy, it would not always insist on one architecture that must be used.

Finally, using ISL (inter-switch link) is a bad experience because you can't mix other switches in the middle.

The actual situation in the real world is that we must coexist with other brands of switches.

 

Anyway, thank you phrancie.

 
