Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    7.4.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Support security rating recommendations for tier-2 and tier-3 MCLAGs 7.4.1

    Support security rating recommendations for tier-2 and tier-3 MCLAGs 7.4.1

    More tests have been added to the FortiSwitch recommendations to help optimize your network:

    • When a connected tier-1 MCLAG peer group is detected and FortiOS detects a possible tier-2 MCLAG pair of switches, FortiOS recommends forming a tier-2 MCLAG.

      After you accept the recommendation, the set lldp-profile default-auto-mclag-icl command is configured on the two switches with the recommended interchassis link (ICL) ports, and the config switch auto-isl-port-group command is configured on the parent MCLAG peer group.

    • When a connected tier-2 MCLAG peer group is detected and FortiOS detects a possible tier-3 MCLAG pair of switches, FortiOS recommends forming a tier-3 MCLAG.

      After you accept the recommendation, the set lldp-profile default-auto-mclag-icl command is configured on the two switches with the recommended ICL ports, and the config switch auto-isl-port-group command is configured on the parent MCLAG peer group.

    Note

    For detection to be successful, there must be fully meshed connection (each tier-2 FortiSwitcch unit must have a connection to each tier-1 FortiSwitch unit; each tier-3 FortiSwitch unit must have a connection to each tier-2 FortiSwitch unit.
    Example

    In this example, a FortiGate device manages four FortiSwitch units. Two of the switches already form an MCLAG, and the user wants a second MCLAG tier for redundancy.

    1. In the FortiOS GUI, go to WiFi & Switch Controller > Managed FortiSwitches and verify that the two tier-2 FortiSwitch units are the same model so that they can form an MCLAG.

    2. Go to Security Fabric > Security Rating and click Run Now.

    3. After the security rating report has run, expand the Optimization results to see Enable MC-LAG Tier 2/3.

    4. Go to WiFi & Switch Controller > Managed FortiSwitches and hover over the link connecting the two tier-2 FortiSwitch units. Click Create MC-LAG pair.

    5. In the Create MC-LAG Pair panel, enter the ISL port group name.

    6. The Managed FortiSwitches page shows that the MCLAG is formed for the tier-2 managed FortiSwitch units.

    Previous
    Next

    Support security rating recommendations for tier-2 and tier-3 MCLAGs 7.4.1

    Support security rating recommendations for tier-2 and tier-3 MCLAGs 7.4.1

    More tests have been added to the FortiSwitch recommendations to help optimize your network:

    • When a connected tier-1 MCLAG peer group is detected and FortiOS detects a possible tier-2 MCLAG pair of switches, FortiOS recommends forming a tier-2 MCLAG.

      After you accept the recommendation, the set lldp-profile default-auto-mclag-icl command is configured on the two switches with the recommended interchassis link (ICL) ports, and the config switch auto-isl-port-group command is configured on the parent MCLAG peer group.

    • When a connected tier-2 MCLAG peer group is detected and FortiOS detects a possible tier-3 MCLAG pair of switches, FortiOS recommends forming a tier-3 MCLAG.

      After you accept the recommendation, the set lldp-profile default-auto-mclag-icl command is configured on the two switches with the recommended ICL ports, and the config switch auto-isl-port-group command is configured on the parent MCLAG peer group.

    Note

    For detection to be successful, there must be fully meshed connection (each tier-2 FortiSwitcch unit must have a connection to each tier-1 FortiSwitch unit; each tier-3 FortiSwitch unit must have a connection to each tier-2 FortiSwitch unit.
    Example

    In this example, a FortiGate device manages four FortiSwitch units. Two of the switches already form an MCLAG, and the user wants a second MCLAG tier for redundancy.

    1. In the FortiOS GUI, go to WiFi & Switch Controller > Managed FortiSwitches and verify that the two tier-2 FortiSwitch units are the same model so that they can form an MCLAG.

    2. Go to Security Fabric > Security Rating and click Run Now.

    3. After the security rating report has run, expand the Optimization results to see Enable MC-LAG Tier 2/3.

    4. Go to WiFi & Switch Controller > Managed FortiSwitches and hover over the link connecting the two tier-2 FortiSwitch units. Click Create MC-LAG pair.

    5. In the Create MC-LAG Pair panel, enter the ISL port group name.

    6. The Managed FortiSwitches page shows that the MCLAG is formed for the tier-2 managed FortiSwitch units.

    Previous
    Next