Use the Switch Controller function, also known as FortiLink, to remotely manage FortiSwitch units. In the commonly-used layer 2 scenario, the FortiGate that is acting as a switch controller is connected to distribution FortiSwitch units. The distribution FortiSwitch units are in the top tier of stacks of FortiSwitch units and connected downwards with Convergent or Access layer FortiSwitch units. To leverage CAPWAP and the Fortinet proprietary FortiLink protocol, set up data and control planes between the FortiGate and FortiSwitch units.
FortiLink allows administrators to create and manage different VLANs, and apply the full-fledged security functions of FortiOS to them, such as 802.1X authentication and firewall policies. Most of the security control capabilities on the FortiGate are extended to the edge of the entire network, combining FortiGate, FortiSwitch, and FortiAP devices, and providing secure, seamless, and unified access control to users.
The following recipes provide information about switch controllers:
- FortiLink setup
- FortiLink auto network configuration policy
- FortiLink network sniffer extension
- FortiLink MCLAG configuration
- Standalone FortiGate as switch controller
- HA (A-P) mode FortiGate pairs as switch controller
- Authentication and security
- Flow and Device Detection
- Persistent MAC learning
- Split port mode (for QSFP / QSFP28)
- Dynamic VLAN name assignment from RADIUS attribute
- MSTI support
- Netflow and IPFIX support