Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AEK
SuperUser
SuperUser

Created on ‎03-02-2024 01:23 PM

Managing FortiSwitches through 3rd party L3 switches

Hello

I have 2 FG in A-P HA, connected to 2 3rd party L3 switches, connected to 2 3rd party L2 switches, as shown in the below diagram.

  • The FG ports are access ports (no VLAN tag) since they are connected to L3 switches
  • The FG reaches the VLANs defined on L2 switches via routes defined on the L3 switches
  • The FG ports do not have FortiLink enabled

s.png

I want to replace the 3rd party L2 switches with FortiSwitches.

When replacing them, what is the best way to manage the new FortiSwitches with FortiGate with minimum change to our existing architecture.

AEK
AEK
Labels:
508
0 Kudos
7 REPLIES 7
sahmed_FTNT
Staff
Staff

Created on ‎03-03-2024 11:42 AM

Hello, kindly see the below link for deployment options:
https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/89ed3d92-8935-11ec-9fd1-fa163e...

Security all we want
471
AEK
SuperUser
SuperUser
In response to sahmed_FTNT

Created on ‎03-03-2024 12:35 PM

Thanks for sharing.

Unfortunately I don't find there any suitable for my case.

AEK
AEK
461
0 Kudos
DPadula
Staff
Staff

Created on ‎03-03-2024 01:23 PM

Hi AEK,
I believe this is what you are looking for: https://community.fortinet.com/t5/FortiSwitch/Technical-Tip-FortiLink-mode-over-a-layer-3-network/ta...

 

457
AEK
SuperUser
SuperUser
In response to DPadula

Created on ‎03-04-2024 04:09 AM

Hi @DPadula 

Thanks a lot for sharing. It is indeed very useful info.

However in my case there are two FortiSwitches and FG has two independent ports connected to the 3rd party L3 switches, while FortiLink must be on one sigle port logical or physical. What you think are the best options available for such case?

AEK
AEK
425
DPadula
Staff
Staff
In response to AEK

Created on ‎03-04-2024 12:33 PM

Hi AEK
Are 3rd party L3 switches capable of work as single unit? Like Cisco stackwise or Juniper Virtual Chassis.

If you change the design to have both L3 switch working as a single unit might be a way, here are some options: https://docs.fortinet.com/document/fortiswitch/7.0.8/devices-managed-by-fortios/780635/switch-redund...
In case not, you might need to contact our SE team so they can help you out with the design. 

400
AEK
SuperUser
SuperUser
In response to DPadula

Created on ‎03-05-2024 09:57 PM

Thanks @DPadula for your advice.

In fact I did a mistake, I tested FortiLink interface on my FOS 6.2, on which only one interface (of any type) is supported. Then I found that there was improvement since then, so on 7.x it supports FortiLinks on multiple interface sets. This should help me find a solution.

I'll continue to dig and will share any findings.

AEK
AEK
343
DPadula
Staff
Staff
In response to AEK

Created on ‎03-06-2024 03:07 AM

Hi @AEK 
Avoid 6.2.x once it is out of support.
6.4.x will be out of support in Sep/2024. So I suggest you to avoid new deployment with this firmware. Focus on 7.0, 7.2 and 7.4 from now. 

324
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.