Process to replace a FortiGate acting as Switch controller
Hi!. Currently we have a FortiSwitch directly connected and managed by a FortiGate. The trunk between the FortiSwitch and the FortiGate is automatically formed by fortilink (default-auto-isl), so the name of this trunk corresponds to the serial-number of the FortiGate. The FortiGate is managed by a FortiManager.
In the event of a FortiGate failure, what would be the process to replace it? Is it necessary to apply some configuration in the FortiSwitch so that the trunk updates the name or does this change automatically?
In the event of a FortiGate failure, the replacement process should be straightforward, especially if you are managing the FortiGate configuration through a FortiManager. The FortiSwitch trunk (FortiLink) will automatically update with the new FortiGate's serial number without needing manual changes.
+Make sure the new FortiGate has the same or compatible hardware and firmware version as the old one. +Restore Configuration: This process should apply all the necessary settings, including the FortiSwitch configuration.
+The FortiSwitch configuration, including the trunk interface (FortiLink), is typically managed by the FortiGate. When you restore the FortiGate configuration , it should automatically recreate the trunk interface with the new FortiGate's serial number.
In addition, if you're using some custom-command to configure like QoS on the fortilink/trunk interface, you need to update the command with the new FGT's S/N after swapping the FGT. To push it to the switches, you need to reboot the FGT again.
If you didn't configure it yourself and you want to make sure if your FGT is NOT using anything like that, just search the number part of S/N in CLI with "grep". The interface name always drops the first 'F' then starts with like 'GT60FTKxxxxxxx'.
I'm facing a situation where I have a FortiAP directly connected and managed by a FortiGate using a FortiLink trunk. The trunk's name corresponds to the FortiGate's serial number, established as the default-auto-isl. Now, in the unfortunate event of a FortiGate failure, I'm curious about the process to replace it smoothly. I wonder if there's a need to configure the FortiAP to ensure the trunk's name updates automatically or if it requires manual intervention.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.