Support FortiSwitch management using HTTPS 7.4.2

Starting in FortiOS 7.4.2 with FortiSwitchOS 7.4.2, you can use FortiLink with HTTPS to manage FortiSwitch units. Using FortiLink with HTTPS simplifies the management process and improves the user experience and efficiency.

The FortiGate device supports using both the CAPWAP protocol and HTTPS at the same time. Each FortiSwitch unit supports using the CAPWAP protocol or HTTPS; you cannot use both protocols to manage the same FortiSwitch unit.

FortiLink with HTTPS uses the same technology as FortiLAN Cloud to operate over both layer 2 and layer 3.

When you are using FortiLink with HTTPS to manage FortiSwitch units, the same FortiLink features are supported as when you are using FortiLink with the CAPWAP protocol.

To use FortiLink with HTTPS:
  1. On the FortiSwitch unit, enable the FortiLink HTTPS management mode (CAPWAP remains enabled):

    config switch-controller global
        set mgmt-mode https
    end

  2. On the FortiSwitch unit, set the FortiLAN Cloud service to FortiLink with HTTPS, enter the FortiLink IPv4 address, and enable the status:

    config system flan-cloud
        set service-type fortilink-https
        set name <FortiLink_IPv4_address>
        set status enable
    end

  3. On the FortiGate device, authorize the FortiSwitch unit if it has not already been authorized:

    config switch-controller managed-switch
        edit <FortiSwitch_serial_number>
            set fsw-wan1-admin enable
        next
    end

  4. On the FortiGate device, check that the tunnel has been established to allow FortiLink with HTTPS:

    execute switch-controller get-conn-status

    For example:

    FGT_A (vdom1) (Interim)# execute switch-controller  get-conn-status
    Managed-devices in current vdom vdom1:
    
    FortiLink interface : port11
    SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS        JOIN-TIME            SERIAL
    S524DN4K16000116  v7.4.0 (0796)     Authorized/Up   2T   10.255.1.2      Mon Dec 18 15:41:34 2023    S524DN4K16000116
    S248EPTF18001384  v7.4.1 (787)      Authorized/Up   2    10.255.1.5      Mon Dec 18 15:41:43 2023    S248EPTF18001384
    S248EPTF18001827  N/A               Discovered/Down 2                    N/A                         S248EPTF18001827
    S124EN5918003682  N/A               Discovered/Down 2                    N/A                         S124EN5918003682
    
    Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=config sync error, 2=L2, 3=L3, V=VXLAN, T=tunnel, X=External
    Managed-Switches: 4 (UP: 2 DOWN: 2 MAX: 72)

  5. On the FortiSwitch unit, check that FortiLAN Cloud has established the FortiLink connection:

    S224DF3X15000367 # get system flan-cloud-mgr connection-info

    For example:

    S524DN4K16000116 # get system flan-cloud-mgr connection-info
    
    Service Name:           : FortiLink
    User Account-ID         : 0
    SSL verify Code         : ok
    Access Service          : IP= 10.255.1.1, Port= 443, Connected on: 2023-12-18 15:41:33
    Bootstrap Service       : hostname= , Port= 0
    
    State-Machine           : State= FLAN_MGR_STATE_READY, Event= EV_READY_SSL_SESSION_ESTD
    
    SSL Local End-Point     : Interface: internal,  IP: 10.255.1.2
    SSL Tunnel Uptime       : Days: 0  Hours: 0 Mins: 2 [Connected @2023-12-18 15:41:33]
    SSL Tunnel stats        : restart-count= 279, Restart Reason= Boot-Strap fails to setup SSL to Cloud
    
    Stats:
    ========
    Switch  Keep Alive  Tx/Reply := 3 / 1
    Manager Keep Alive  Rx/Error := 2 / 0
    
    Socks   Req Rx/Last Stream-ID  := 1193 / 5
    Reset   Req Rx/last Stream-ID  := 137 / 276
    Goaway  Req Rx  := 0
    Unknown Req Rx  := 0
    
    Syslog FD/Tx/Err  := 10 / 62 / 0
    
    FortiLink details
    =======================
    stream_id : 5
    online state_id : 7
    localSock fd : 11
    stpTelSock fd : 12
    dhcpTelSock fd : 13
    igmpsTelSock fd : 14
    macSock fd : 15
    cmfSock fd : 16
    FortiGate - no response counter : 0
    FortiGate - [Last no response time @1969-12-31 16:00:00]
    online TX counter : 6
    online RX_ACK counter : 6
    online RX_NACK counter : 0
    topology req : 8
    topology resp : 4
    system telemetry req : 8
    system telemetry resp : 3
    interface telemetry req : 2
    interface telemetry resp : 2
    mac telemetry req : 0
    mac telemetry resp : 0
    dot1x user req : 0
    dot1x user resp : 0
    lldp nbr req : 0
    lldp nbr resp : 0
    mac cache req : 0
    mac cache resp : 0
    trunk state req : 21
    trunk state resp : 7
    port state req : 4
    port state resp : 2
    poe status req : 0
    poe status resp : 0
    
    Used SOCKS stream-id:
    =======================
    SID       SockFd    Proxy-Ports            State         Description
    
    ___________________________________________________________________
    1         0         UNKNOWN:0<-->0         DATA         BOOTSTRAP
    3         0         UDP:9514<-->0          DATA         SYSLOG DATA
    5         0         UNKNOWN:0<-->0         DATA         FORTILINK
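
The checks in steps 4 and 5 can be scripted over the two command outputs. The following is an added example, not Fortinet code; it embeds trimmed copies of the sample outputs above. Assumptions: a `T` flag on an `Authorized/Up` row is read as "tunnel established", `FLAN_MGR_STATE_READY` is read as the healthy state, and `max_restarts` is a hypothetical alert threshold.

```python
import re

# Constructed input: rows copied from the sample outputs on this page, trimmed.
CONN_STATUS = """\
SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS        JOIN-TIME            SERIAL
S524DN4K16000116  v7.4.0 (0796)     Authorized/Up   2T   10.255.1.2      Mon Dec 18 15:41:34 2023    S524DN4K16000116
S248EPTF18001384  v7.4.1 (787)      Authorized/Up   2    10.255.1.5      Mon Dec 18 15:41:43 2023    S248EPTF18001384
S248EPTF18001827  N/A               Discovered/Down 2                    N/A                         S248EPTF18001827
"""
CONN_INFO = """\
SSL verify Code         : ok
Access Service          : IP= 10.255.1.1, Port= 443, Connected on: 2023-12-18 15:41:33
State-Machine           : State= FLAN_MGR_STATE_READY, Event= EV_READY_SSL_SESSION_ESTD
SSL Tunnel stats        : restart-count= 279, Restart Reason= Boot-Strap fails to setup SSL to Cloud
"""

# SWITCH-ID, VERSION (or N/A), STATUS as <auth>/<link>, then the FLAG column.
ROW = re.compile(r"^(?P<id>S\w+)\s+(?:v\S+ \(\d+\)|N/A)\s+(?P<auth>\w+)/(?P<link>\w+)\s+(?P<flags>\S+)")

def tunnel_report(conn_status):
    """FortiGate side (step 4): map switch ID -> tunnel-up / up-no-tunnel / not-up."""
    report = {}
    for line in conn_status.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, legend and blank lines
        up = (m["auth"], m["link"]) == ("Authorized", "Up")
        has_tunnel = "T" in m["flags"]  # T=tunnel in the Flags legend
        report[m["id"]] = "not-up" if not up else ("tunnel-up" if has_tunnel else "up-no-tunnel")
    return report

def conn_info_findings(conn_info, max_restarts=10):
    """FortiSwitch side (step 5): list problems found in connection-info output."""
    fields = dict(re.split(r"\s*:\s*", l.strip(), maxsplit=1)
                  for l in conn_info.splitlines() if ":" in l)
    findings = []
    if fields.get("SSL verify Code") != "ok":
        findings.append("SSL verify code is not ok")
    if "State= FLAN_MGR_STATE_READY" not in fields.get("State-Machine", ""):
        findings.append("state machine is not in FLAN_MGR_STATE_READY")
    m = re.search(r"restart-count= (\d+), Restart Reason= (.*)", fields.get("SSL Tunnel stats", ""))
    if m and int(m[1]) > max_restarts:  # repeated tunnel resets deserve a look
        findings.append(f"restart-count {m[1]} exceeds {max_restarts}: {m[2]}")
    return findings

if __name__ == "__main__":
    print(tunnel_report(CONN_STATUS))
    print(conn_info_findings(CONN_INFO))
```

On the sample data, only the first switch reports the tunnel flag, and the switch-side output passes the SSL and state checks but is flagged for its restart count of 279.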

To log in from the FortiGate device to a switch managed by FortiLink with HTTPS:

    execute switch-controller ssh <FortiSwitch_user_name> <FortiSwitch_serial_number>

For example:

    execute switch-controller ssh admin S524DF4K15000024
