Is it possible to manage 3 switches from a single FortiGate and not daisy chain them? Goal is to have each switch connect directly to the FortiGate so if a single switch reboots it doesn't take down all of them. I see the single FortiLink interface, and if I add the multiple physical interfaces to the link and connect the 2nd switch, the link doesn't come up and the switch isn't discovered.
Thank you for this. I see this note:
Using the hardware or software switch interface in FortiLink mode is not recommended in most cases. It can be used when the traffic on the ports is very light because all traffic across the switches moves through the FortiGate unit.
Is it not recommended to link the devices directly to the FortiGate but rather to daisy-chain them? I understand that any East-West traffic will need to go through the FortiGate. My concern is if Switch1 is rebooted anything downstream of it, including Switch2 in the typical design, would go offline.
Should I be using the following example to set up a switch and then link this new switch to the FortiLink:
config system virtual-switch
set physical-switch "sw0"
The 2 switches I have are already authorized by the FortiGate and managed, so would it be a matter of moving the cables and rebooting the switches and having them come back online on the new ports?
In addition, you'll have to configure the system interface part, and enable it for FortiLink. If the switches are currently managed on another interface, they have to be transferred to the new one. You can simply delete and rediscover them via the new FortiLink interface. If you want to preserve the configuration, then download the FGT config, edit it manually to replace the old FortiLink interface with the new one, and re-load it.
Rafael Gracioli | Consulting Systems Engineer, ADC and Switching
m: +31 6 50 28 72 99 | skype: rgracioli | e: firstname.lastname@example.org
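An added example, not part of the thread and not Fortinet tooling: a sketch of the manual config edit described in the reply above, which rewrites only exact quoted references to the old FortiLink interface in `set` lines and reports `edit` lines for review instead of renaming them. The interface names, serial numbers and the sample config are constructed, and leaving `edit` lines untouched is an assumption made so the old interface definition cannot collide with the new one.

```python
import re

def retarget_fortilink(config_text, old_if, new_if):
    """Return (new_text, changed, skipped) for a FortiGate config backup."""
    token = re.compile('"%s"' % re.escape(old_if))  # whole quoted name only
    stack, out, changed, skipped = [], [], [], []
    for no, line in enumerate(config_text.splitlines(), 1):
        words = line.split()
        if words[:1] == ["config"]:
            stack.append(" ".join(words[1:]))
        elif words[:1] == ["end"] and stack:
            stack.pop()
        section = " / ".join(stack)
        if words[:1] == ["set"] and token.search(line):
            changed.append((no, section, line.strip()))
            line = token.sub(lambda m: '"%s"' % new_if, line)
        elif words[:1] == ["edit"] and token.search(line):
            # Assumption: the definition itself is reviewed by hand, not renamed.
            skipped.append((no, section, line.strip()))
        out.append(line)
    return "\n".join(out) + "\n", changed, skipped

# Constructed sample, not taken from a real device.
SAMPLE = """\
config system interface
    edit "fortilink"
        set fortilink enable
    next
    edit "fortilink2"
        set fortilink enable
    next
end
config switch-controller managed-switch
    edit "S108EXAMPLE000001"
        set fsw-wan1-peer "fortilink"
    next
    edit "S108EXAMPLE000002"
        set fsw-wan1-peer "fortilink"
        set description "uplink moved from fortilink"
    next
end
"""

if __name__ == "__main__":
    text, changed, skipped = retarget_fortilink(SAMPLE, "fortilink", "fortilink2")
    for no, section, line in changed:
        print("rewrote line %d in [%s]: %s" % (no, section, line))
    for no, section, line in skipped:
        print("left for review, line %d in [%s]: %s" % (no, section, line))
```

Diff the output against the original backup before re-loading it, so every rewritten reference is one you expected.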