Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
James_Ndefo
New Contributor

Created on ‎08-11-2016 11:33 AM

Multiple VDOMs with Fortiswitch 448 FPOE

Hello All,

 

I have FGT600Ds(HA) vdom enabled with Fortilink to a Fortiswitch 448D FPOE and fortilinked to other switches (Stacking). I have been able to get this to work but just on one VDOM. I'm needing to be able to create VLANs on other VDOMs using these same stacked switches. Has anyone been able to implement FGT(MUTIPLE VDOMS)--forlink---fortiswitch?

 

thanks for your help in advance

6064
0 Kudos
7 REPLIES 7
James_Ndefo
New Contributor

Created on ‎08-22-2016 11:46 AM

Hello Zhunissov4,

 

I had attempted this before the trend, what I'm finding is that you can't iauthorize the fortiswitches on multiple vdoms.

 

So i authorized the Fortiswitches on the root vdom then attempted creating VLAN interfaces for other VDOMs, when i attach an interface on that switch to the second vdom, it spins and spins and spins. I have to delete the vlan on second vdom to be able to manage the fortiswitches again. running firmware 5.4.1 and 3.4.2 on Fortigate and Fortiswitch respectively

1269
0 Kudos
plsikk
New Contributor III

Created on ‎04-12-2024 11:19 AM Edited on ‎04-13-2024 07:18 AM

Hello

I know this is very very old topic but I have to create something similar. The goal is to create infrastructure base on the FGT and many FS with 2 or 3  vdoms and distribute vdoms across this network. On the and I need assign part of the ports on every switches to different vdom, Is it possible on os 7.2 ? How to do this .

 

Concept

2024-04-13_16-14-10.png

 

For any help, I'll be appreciated. 

Even if it will be confirmation from Fortinet - "no it is not possible" :D

 

Best regards
Best regards
285
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎04-12-2024 12:02 PM Edited on ‎04-12-2024 12:09 PM

I could be wrong but if you "manage" FSWs from a FGT over fortilink, the FSWs are managed at the vdom the fortilink is terminated at. By default "root" vdom. Then all ports and VLANs you create from the switch-controller at the FGT specifically at root vdom would belong to the root vdom. So I don't think it's possible if "managed".

 

My recommendation if you have to use FSWs instead of other types of switches like Cisco, Juniper, HPE, or whatever, you configure them as "standalone" then they would work as any other types of switches, except some feature differences. Then you can do whatever you need to do, like setting up multiple VLAN sets and create clusters of ports with those VLAN sets then connect them to FGT's ports per VDOM.

Wait for other comments that deny my claim.

Toshi

281
0 Kudos
AEK
SuperUser
SuperUser

Created on ‎04-13-2024 05:03 AM

It seems this doc says you can.

https://docs.fortinet.com/document/fortiswitch/7.0.8/devices-managed-by-fortios/801172/multitenancy-...

AEK
AEK
240
Toshi_Esumi
SuperUser
SuperUser
In response to AEK

Created on ‎04-13-2024 10:17 AM Edited on ‎04-13-2024 10:19 AM

I see, then you can. Thanks @AEK 
It would be much simpler if they're standalone though.

Toshi

220
0 Kudos
plsikk
New Contributor III
In response to AEK

Created on ‎04-14-2024 07:33 AM Edited on ‎04-14-2024 07:34 AM

from CLI is ok, In theory ports and vlans from different are shared via Fortilink, but I think it is a FGT bug in 7.2.7 because I see switch in vdom2 but I don't see ports in GUI. 

this is view from root VDOM

2024-04-14_16-27-41.png

 

 and ports 3 and 5 are exported to other VDOM

but in other VDOM I should see this ports , but list is empty

from CLI config is fine.

Now will go to test policy and traffic 

Best regards
Best regards
191
0 Kudos
AEK
SuperUser
SuperUser
In response to plsikk

Created on ‎04-14-2024 08:52 AM Edited on ‎04-14-2024 09:01 AM

It seems like the resolved issue on 7.2.8.

 

937065

On the WiFi & Switch Controller > FortiSwitch Ports page, FortiSwitch ports that are exported to non-root VDOMs are incorrectly shown as down.

This is a GUI issue that does not affect the functioning of the exported ports. The correct port status can be seen on the port tooltip, or using the CLI.

 

Try update your FSW to the latest patch 7.2.7 as well.

AEK
AEK
186
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.