fortilink split-interface priority

pkm · ‎01-24-2025

Hello Community

In a FortiLink split-interface setup, how can i decide, which interface should be prefered?

Background

100F Cluster

Interface x1 and x2 belong to FortiLink Agg Interface

x1 goes to 1024E "Core-Main"

x2 goes to FSW1xxF Series Switch "Core-Backup"

From 1024E "Core-Main" we go to each access switch (hub & Spoke setup)

From 1xx "Core-Backup" we go to access switch-1 then switch-2, switch-3, switch-n

By this, if 1024 should be offline or damaged, we still have each access switch somehow connected to the firewall and can provide services. we do have a massive impact on bandwith within the network, but it works unit one can replace the hardware)

Initialy I had the idea to use a hardware switch on the fortigate, but we need block-intra-vlan and other features, that are not supportet on a switch on the FGT

A second 1024 is in budget for 2026, since then we have to work with the above setup.

So this i why I have to rely on split-interface active, and "need" to prioritze FGT's x1 Interface

According to the cli reference of 7.2.10 there is a command "fortilink-backup-link <integer>" but my fortigate does not know about this command

Any ideas?

/BR

Philippe

Anthony_E · ‎01-26-2025

Hello Philippe,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Anthony-Fortinet Community Team.

AEK · ‎01-27-2025

Hi Philippe

I noticed on my FGT the parameter "priority" which is present only on network ports that are part of a FortiLink. I found this parameter is not well documented, and I didn't have the chance to test it, but I think it is worth testing.

AEK

pkm · ‎01-27-2025

Hello AEK

According to the info I found so far, this priority setting is used for routing purposes e.g. route priority

I was using this setting as well but it did not have any impact. I'll test it more within the next few days

AEK · ‎01-27-2025

Hi PKM

In that case I wonder why this "priority" setting is only available for interfaces that are part of FortiLink?

AEK

pkm · ‎01-27-2025

I have the "priority" switch for all physical interfaces

config system interface
edit "x1"
  set vdom "root"
  set type physical
  set mediatype sr
  set speed 10000full
next
edit "x2"
  set vdom "root"
  set priority 10
  set type physical
  set mediatype sr
  set speed 10000full
next
edit "fortilink"
  set vdom "root"
  set fortilink enable
  set ip 172.16.98.1 255.255.255.0
  set allowaccess ping fabric
  set type aggregate
  set member "x1" "x2"
  set lldp-reception enable
  set lldp-transmission enable
  set switch-controller-nac "fortilink"
  set switch-controller-dynamic "fortilink"
  set swc-first-create 255
next
end

And the inline help, states that this setting is for route priorisation

Firewall (x1) # set p
priority Priority of learned routes.
preserve-session-route Enable/disable preservation of session route when dirty.

Firewall (x1) #

also here, i can set the priority to port1 which does not belong to a fortilink

config system interface
edit "port1"
  set vdom "root"
  set priority 10
  set type physical
  set snmp-index 7
next
end

This is a FGT100F running 7.2.10 if that may make a difference

fortilink split-interface priority

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website