I need visibility into the health of my 33 FortiSwitches which are divided among seven access rings, with 1048's at distribution. These are all 448D FPOE switches. Fortinet support offered one idea which I like, but wanted to see if anyone else was doing this before I built it out. They suggested using the management ports on my switches to communicate with an SNMP monitoring tool (like PRTG). This sounds like an elegant approach. So in a wiring closet with, say, six switches, I would use short patch cables to patch a management port into a switch port on an adjacent switch. I'd configure that port to be on a management VLAN that my tool can access. I'd reconfigure the IP address of each management port to be unique on that new subnet and configure SNMP on each switch. Then all I'd need to do is make sure the management platform has the Fortinet MIBs and then discover each switch and start monitoring.
We actually use LogicMonitor for our network monitoring, so I'd need to point their collectors at my FortiSwitch management ports to collect stats. I'd also want the switches to forward traps for error events. I'll need to figure that out.
You can simply add an interface on a specific VLAN on each switch:

    config system interface
        edit "<interface-name>"
            set ip x.x.x.x x.x.x.x
            set allowaccess ping https ssh snmp
            set snmp-index xx
            set vlanid xxxx
            set interface "internal"
        next
    end
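An added example, not from the thread or from Fortinet: a short Python check run over saved interface stanzas before pointing a collector at the switches. It verifies that each switch has a unique address on the monitoring subnet, that snmp is in allowaccess, and that no cleartext admin protocol is enabled. The switch names, addresses, VLAN 300, the interface name "mon" and the edit/next/end wrapper are assumptions made for the sample.

```python
import ipaddress
import shlex

CLEARTEXT = {"http", "telnet"}  # admin protocols without transport encryption

def parse_interfaces(text):
    """Return {name: {setting: [values]}} from a 'config system interface' block."""
    interfaces, current = {}, None
    for line in text.splitlines():
        tokens = shlex.split(line)
        if tokens[:1] == ["edit"] and len(tokens) > 1:
            current = interfaces.setdefault(tokens[1], {})
        elif tokens[:1] == ["set"] and current is not None and len(tokens) > 2:
            current[tokens[1]] = tokens[2:]
        elif tokens[:1] == ["next"]:
            current = None
    return interfaces

def audit(configs, subnet, vlan):
    """Check the monitoring-VLAN interface of every switch; return sorted findings."""
    net, seen, findings = ipaddress.ip_network(subnet), {}, []
    for switch, text in configs.items():
        on_vlan = [i for i in parse_interfaces(text).values() if i.get("vlanid") == [str(vlan)]]
        if not on_vlan:
            findings.append(f"{switch}: no interface on VLAN {vlan}")
            continue
        ip = ipaddress.ip_address(on_vlan[0].get("ip", ["0.0.0.0"])[0])
        access = set(on_vlan[0].get("allowaccess", []))
        if ip not in net:
            findings.append(f"{switch}: {ip} is outside {net}")
        if ip in seen:  # the post requires a unique address per switch
            findings.append(f"{switch}: {ip} already used by {seen[ip]}")
        seen.setdefault(ip, switch)
        if "snmp" not in access:  # the collector could not poll this interface
            findings.append(f"{switch}: snmp missing from allowaccess")
        findings += [f"{switch}: cleartext {p} allowed" for p in access & CLEARTEXT]
    return sorted(findings)

def stanza(ip, access):
    """Constructed sample stanza (name, addresses and VLAN 300 are made up)."""
    return (f'config system interface\n edit "mon"\n  set ip {ip} 255.255.255.0\n'
            f'  set allowaccess {access}\n  set vlanid 300\n  set interface "internal"\n next\nend\n')

SAMPLE = {"sw-a": stanza("10.20.30.11", "ping https ssh snmp"),
          "sw-b": stanza("10.20.30.11", "ping https ssh"),
          "sw-c": stanza("10.20.31.13", "ping http snmp")}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "10.20.30.0/24", 300)))
```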