Getting Started
Some FortiSwitch units might have a sticker on them with an outdated procedure. Use the procedures in the FortiLAN Cloud Administration Guide instead of procedures on the sticker. |
NOTE: The following are the requirements to use all of the features of FortiLAN Cloud:
- Register your FortiSwitch units with Fortinet Support (https://support.fortinet.com).
- Check that your FortiSwitch units are running FortiSwitchOS 6.0.0 or later.
- Check that your FortiSwitch units are connected to the Internet.
- Subscribe to FortiCare (https://www.fortinet.com/support-and-training/support-services/forticare-support.html).
- Purchase a Management license for each FortiSwitch unit through authorized Fortinet resellers and distributors. For information on the FortiLAN Cloud license offering, see Licensing.
- After you purchase a FortiSwitch Management license, you need to register it in your FortiCare account.
- FortiLAN Cloud will automatically import the license from your FortiCare account during its regular license check. Depending on when the license was registered, there might be a delay before the license is available in FortiLAN Cloud.
- Set your FortiSwitch units to the standalone mode.
- Check that the system time on your FortiSwitch units is accurate. To set the time on your FortiSwitch unit, see the FortiSwitchOS Administration Guide—Standalone Mode.
Supported models
FortiLAN Cloud supports all FortiSwitch units running FortiSwitchOS Release 6.0.0 or later
To get started using FortiLAN Cloud, follow these procedures:
- Using the correct switch management mode for cloud management
- Enabling and disabling cloud management
- Deploying FortiSwitch device to a network
Using the correct switch management mode for cloud management
To manage a FortiSwitch unit from FortiLAN Cloud, make certain that the switch management mode is set to local
using the following commands on your FortiSwitch unit:
config system global
set switch-mgmt-mode local
end
If your FortiSwitch unit is in FortiLink mode, you need to change your switch management mode to local and also run the following command on your FortiGate unit:
execute switch-controller set-standalone <switch-id>
This command returns the FortiSwitch unit to the factory defaults, reboots the FortiSwitch unit, and prevents the FortiGate unit from automatically detecting and authorizing the FortiSwitch unit.
Checking your Cloud configuration
To check your Cloud configuration, use the following commands:
S524DF4K15000024 # config system flan-cloud S524DF4K15000024 (flan-cloud) # get
interval : 45 name : fortiswitch-dispatch.forticloud.com port : 443 status : enable
Option | Description |
---|---|
interval | The time in seconds allowed for domain name system (DNS) resolution. The default is 15 seconds. The range of values is 3-300 seconds. |
name | The domain name for FortiLAN Cloud. By default, this field is set to fortiswitch-dispatch.forticloud.com . |
port | Port number used to connect to FortiLAN Cloud. The default is port 443. |
status | Whether access to FortiLAN Cloud is enabled or disabled. By default, the status is set to enable . |
To check your connections to FortiLAN Cloud, use the get system flan-cloud-mgr connection-info
command.
The State-Machine field is set to FSMGR_STATE_READY when your FortiSwitch unit is being managed by FortiLAN Cloud. The SSL tunnel is the secure communication channel between your FortiSwitch unit and FortiLAN Cloud. FortiLAN Cloud uses the Socket Secure protocol (SOCKS) to communicate with your FortiSwitch units.
For example:
S524DF4K15000024 # get system flan-cloud-mgr connection-info User Account-ID: : 012345 Dispatch Service : IP= xx.xx.xx.xx SSL verify Code : ok Access Service : IP= xx.xx.xx.xx, Port= 443, Connected on: 2018-11-28 10:59:32 Bootstrap Service : hostname= xxxxxxxxxx, Port= 8000 Remote Assistance : Disabled. State-Machine : State= FSMGR_STATE_READY, Event= EV_READY_HBEAT_GOOD SSL Local End-Point : Interface: mgmt, IP: xx.xx.xx.xx SSL Tunnel Uptime : Days: 0 Hours: 2 Mins: 22 [Connected @2018-11-28 10:59:32] SSL Tunnel stats : restart-count= 4, Reason= Configuration Change Stats: ======== Switch Keep Alive Tx/Reply := 45 / 45 Manager Keep Alive Rx/Error := 45 / 0 Socks Req Rx/Last Stream-ID := 224 / 14 Reset Req Rx/last Stream-ID := 8 / 12 Goaway Req Rx := 0 Unknown Req Rx := 0 Syslog FD/Tx/Err := 8 / 3 / 0 Used SOCKS stream-id: ======================= SID SockFd State Description ___ ______ _____ _______________ 18 10 DATA REST REQ 5 0 DATA SYSLOG DATA
Enabling and disabling cloud management
To allow your FortiSwitch unit to be managed by FortiLAN Cloud, use the following commands:
config system flan-cloud
set status enable
end
If you want to remove a FortiSwitch unit from FortiLAN Cloud, use the following commands:
config system flan-cloud
set status disable