underthewhip
New Contributor

Various problems with updates, cannot manage newly added FortiSwitch and FortiAP etc

My setup:

1x FG80E

1x FS108D

1x FS224D

3x FAP421E

I have a home network/lab with the above-mentioned products. One FortiAP and the FS224D were added today.

The FS108D is connected to the FG via Dedicated to FortiSwitch on port 12. This switch is the main switch, where all networks and APs are connected via VLANs.

Today I added the FS224D to port 11 and on that switch I added the third FortiAP. Then I authorized both devices. This is where the problems start:

  • On port 11, there is no selection Dedicated to FortiSwitch. When I looked at my Managed FortiSwitches I could see them both but it looked like they were both on port 12(!) The switch which I added today might have been attached to port 12 in the past but doing a hard reset on the switch changed nothing. Still appearing on port 12. At this point I deleted the FS224D and added it again manually. Now it's there, but it's no longer "wired" to any port. In the list of interfaces, port 11 is up and green but still no option to dedicate the port though. In Security Fabric > Physical Topology it's red.
  • The AP behind the FS224D showed up at first when I authorized it. I then selected my AP-profile for it but it remained grayed out and seemed like it didn't get the profile. I added my AP-VLAN to the port on which the AP connects and allowed all VLANs on the uplink switchport and the native port was automatically set to vsw.port12. This changed nothing. Downloading an update to it presented some error. In Security Fabric > Physical Topology it's red.
  • The Physical Topology view is wrong. According to it, everything is directly attached to the FG80E. The FG and old two FortiAPs are blue, both FS and the new FAP are red. The only device that updating firmware works on is the FG, after a few errors (aren't there implied rules that allow the other devices to access updates online?). Uploading updates manually doesn't work either. I get errors, even if the firmware should be compatible.

    My build is probably all wrong since I get the feeling that logic from working with other brands does not apply here. I've used the cookbooks to set it all up but unfortunately they don't cover my scenario so I've improvised some. I've already started from scratch several times when I reached the end of the rope. Feels like that's where I'm heading again with this many problems. Mind that it's all been working for months before I tried to add that new HW.

     

    I have plowed through most of the documentation, searching for keywords but I'm not finding good answers. From my description above, what can you guys read out?

    4 REPLIES
    makco10
    Contributor II

    Hello,

     

    Check this, it could possibly help you.

     

    http://makcotechgeek.com/fortigate-5-4-4-fortiswitch-3-3-5-fortiap-5-4-1/

     

    Regards.

    Defend Your Enterprise Network With Fortigate Next Generation Firewall
    tanr
    Valued Contributor II

    What are your versions and firmware for everything?  Are they all versions that inter-operate?

     

    Have you enabled auto-discovery-fortilink on the switch ports you're connecting to with:

     

        config switch interface
            edit <port>
                set auto-discovery-fortilink enable
            end

     

    Are you allowing admin access CAPWAP for the interfaces (vlan or otherwise) that your FortiAPs are connected to?

     

    Have you rebooted the FortiSwitches an additional time, through GUI, SSH, or just pulling the plug?  Various FortiSwitch versions in the past had some issues when initially connected that are resolved by an additional reboot.

    underthewhip

    The problem was that FortiOS does not support more than one (1) dedicated switchport and I tried to configure a topology requiring two ports.

     

    My options were to either daisy-chain the switches or rebuild my network using a virtual/hardware switch and then add both switches to that. Since rebuilding is troublesome I chose the daisy-chain option.

     

    It was all in the FortiOS guide, but it would not hurt to state in the cookbooks that only one interface is available for the dedicated switchport.

    tanr
    Valued Contributor II

    Agreed - would be helpful if the cookbook recipes mentioned the restriction.

     

    As an aside, I think supporting multiple FortiLink interfaces without requiring the FortiGate's internal switch interface would be a very worthwhile feature.  It would also make transitioning existing architectures to FortiSwitches much easier.  Feel free to contact your Fortinet SE and request this as an NFR (new feature request)!
