Why does FortiGate require me to make LACP configurations separate networks?
Hi! First post.
I recently got into a FortiGate 40F and then quickly upgraded to a 60F (not a waste; I have another use coming up for the 40F). I have the FortiGate connected to multiple WANs (in SD-WAN), PC, TV/Chromecast and a WAP. I'm also connected to a distant home office where I plan to have a Cisco stack of two switches with some other PC/server devices, TV/Chromecast, another WAP and some IoT (wireless bulbs and cameras). I plan to LACP the Cisco stack back to the FortiGate. I want everything on the same network and, in the future, I plan to move the WAPs and IoT off to a separate VLAN.
My question is this: Why must I make the LACP connection to my Cisco stack a separate network on the FortiGate? This is essentially just etherchannelling "two" switches together - the FortiGate hardware switch and the Cisco stack. Is there a way to have all FortiGate LAN and FortiLink ports on the same hardware switch and still use LACP to connect my Cisco stack such that everything is on the same LAN segment?
FortiLink is for, like, FortiSwitches (FSWs) connected over CAPWAP. If you don't have FortiSwitches, you don't have to use FortiLink. You can "de-configure" the FortiLink A and B ports to be independent ports. Then you can configure a LAG/LACP interface on your 60F, or even 40F.
Right, I get that. But when I create an LACP Interface, I must put it on a separate network (IP). I don't want to. I want it to work like many other switches where I can just etherchannel them together and have one larger network that includes the Fortigate switch ports.
Are you talking about the "Create address object matching subnet"? That's only for an address object you can use later in FW policies or some other places. If you don't plan to use it, you can just disable it. You can create an address object later if/when you need it.
But you don't define an IP or IP network for a Cisco portchannel or etherchannel. You can choose at what layer to apply load balancing, but portchannels/etherchannels just extend the layer 2 network in the same way a simple ISL would do.