FortiLAN Cloud User Guide

Home FortiLAN Cloud 23.2.0 FortiLAN Cloud User Guide

23.2.0

Getting Started

Some FortiSwitch units might have a sticker on them with an outdated procedure. Use the procedures in the FortiLAN Cloud Administration Guide instead of procedures on the sticker.

NOTE: The following are the requirements to use all of the features of FortiLAN Cloud:

Register your FortiSwitch units with Fortinet Support (https://support.fortinet.com).
Check that your FortiSwitch units are running FortiSwitchOS 6.0.0 or later.
Check that your FortiSwitch units are connected to the Internet.
Subscribe to FortiCare (https://www.fortinet.com/support-and-training/support-services/forticare-support.html).
Purchase a Management license for each FortiSwitch unit through authorized Fortinet resellers and distributors. For information on the FortiLAN Cloud license offering, see Licensing.
1. After you purchase a FortiSwitch Management license, you need to register it in your FortiCare account.
2. FortiLAN Cloud will automatically import the license from your FortiCare account during its regular license check. Depending on when the license was registered, there might be a delay before the license is available in FortiLAN Cloud.
Set your FortiSwitch units to the standalone mode.
Check that the system time on your FortiSwitch units is accurate. To set the time on your FortiSwitch unit, see the FortiSwitchOS Administration Guide—Standalone Mode.

Supported models

FortiLAN Cloud supports all FortiSwitch units running FortiSwitchOS Release 6.0.0 or later

To get started using FortiLAN Cloud, follow these procedures:

Using the correct switch management mode for cloud management
Enabling and disabling cloud management
Deploying FortiSwitch device to a network

Using the correct switch management mode for cloud management

To manage a FortiSwitch unit from FortiLAN Cloud, make certain that the switch management mode is set to local using the following commands on your FortiSwitch unit:

config system global

set switch-mgmt-mode local

end

If your FortiSwitch unit is in FortiLink mode, you need to change your switch management mode to local and also run the following command on your FortiGate unit:

execute switch-controller set-standalone <switch-id>

This command returns the FortiSwitch unit to the factory defaults, reboots the FortiSwitch unit, and prevents the FortiGate unit from automatically detecting and authorizing the FortiSwitch unit.

Checking your Cloud configuration

To check your Cloud configuration, use the following commands:

S524DF4K15000024 # config system flan-cloud
S524DF4K15000024 (flan-cloud) # get

interval            : 45
name                : fortiswitch-dispatch.forticloud.com
port                : 443
status              : enable

Option	Description
interval	The time in seconds allowed for domain name system (DNS) resolution. The default is 15 seconds. The range of values is 3-300 seconds.
name	The domain name for FortiLAN Cloud. By default, this field is set to `fortiswitch-dispatch.forticloud.com`.
port	Port number used to connect to FortiLAN Cloud. The default is port 443.
status	Whether access to FortiLAN Cloud is enabled or disabled. By default, the status is set to `enable`.

To check your connections to FortiLAN Cloud, use the get system flan-cloud-mgr connection-info command.

The State-Machine field is set to FSMGR_STATE_READY when your FortiSwitch unit is being managed by FortiLAN Cloud. The SSL tunnel is the secure communication channel between your FortiSwitch unit and FortiLAN Cloud. FortiLAN Cloud uses the Socket Secure protocol (SOCKS) to communicate with your FortiSwitch units.

For example:

S524DF4K15000024 # get system flan-cloud-mgr connection-info
			
User Account-ID:    : 012345
Dispatch Service    : IP= xx.xx.xx.xx
SSL verify Code     : ok
Access Service      : IP= xx.xx.xx.xx, Port= 443, Connected on: 2018-11-28 10:59:32
Bootstrap Service   : hostname= xxxxxxxxxx, Port= 8000	

Remote Assistance   : Disabled.		
State-Machine       : State= FSMGR_STATE_READY, Event= EV_READY_HBEAT_GOOD	
					
SSL Local End-Point : Interface: mgmt, IP: xx.xx.xx.xx			
SSL Tunnel Uptime   : Days: 0  Hours: 2 Mins: 22 [Connected @2018-11-28 10:59:32]
SSL Tunnel stats    : restart-count= 4, Reason= Configuration Change

Stats:
========
Switch  Keep Alive  Tx/Reply := 45 / 45
Manager Keep Alive  Rx/Error := 45 / 0

Socks   Req Rx/Last Stream-ID := 224 / 14
Reset   Req Rx/last Stream-ID := 8 / 12
Goaway  Req Rx  := 0
Unknown Req Rx  := 0
			
Syslog FD/Tx/Err := 8 / 3 / 0

Used SOCKS stream-id:
=======================
SID             SockFd          State           Description
___             ______          _____           _______________
18              10              DATA            REST REQ
5               0               DATA            SYSLOG DATA

Enabling and disabling cloud management

To allow your FortiSwitch unit to be managed by FortiLAN Cloud, use the following commands:

config system flan-cloud

set status enable

end

If you want to remove a FortiSwitch unit from FortiLAN Cloud, use the following commands:

config system flan-cloud

set status disable

Some FortiSwitch units might have a sticker on them with an outdated procedure. Use the procedures in the FortiLAN Cloud Administration Guide instead of procedures on the sticker.

NOTE: The following are the requirements to use all of the features of FortiLAN Cloud:

Register your FortiSwitch units with Fortinet Support (https://support.fortinet.com).
Check that your FortiSwitch units are running FortiSwitchOS 6.0.0 or later.
Check that your FortiSwitch units are connected to the Internet.
Subscribe to FortiCare (https://www.fortinet.com/support-and-training/support-services/forticare-support.html).
Purchase a Management license for each FortiSwitch unit through authorized Fortinet resellers and distributors. For information on the FortiLAN Cloud license offering, see Licensing.
1. After you purchase a FortiSwitch Management license, you need to register it in your FortiCare account.
2. FortiLAN Cloud will automatically import the license from your FortiCare account during its regular license check. Depending on when the license was registered, there might be a delay before the license is available in FortiLAN Cloud.
Set your FortiSwitch units to the standalone mode.
Check that the system time on your FortiSwitch units is accurate. To set the time on your FortiSwitch unit, see the FortiSwitchOS Administration Guide—Standalone Mode.

Supported models

FortiLAN Cloud supports all FortiSwitch units running FortiSwitchOS Release 6.0.0 or later

To get started using FortiLAN Cloud, follow these procedures:

Using the correct switch management mode for cloud management
Enabling and disabling cloud management
Deploying FortiSwitch device to a network

Using the correct switch management mode for cloud management

To manage a FortiSwitch unit from FortiLAN Cloud, make certain that the switch management mode is set to local using the following commands on your FortiSwitch unit:

config system global

set switch-mgmt-mode local

end

If your FortiSwitch unit is in FortiLink mode, you need to change your switch management mode to local and also run the following command on your FortiGate unit:

execute switch-controller set-standalone <switch-id>

This command returns the FortiSwitch unit to the factory defaults, reboots the FortiSwitch unit, and prevents the FortiGate unit from automatically detecting and authorizing the FortiSwitch unit.

Checking your Cloud configuration

To check your Cloud configuration, use the following commands:

S524DF4K15000024 # config system flan-cloud
S524DF4K15000024 (flan-cloud) # get

interval            : 45
name                : fortiswitch-dispatch.forticloud.com
port                : 443
status              : enable

Option	Description
interval	The time in seconds allowed for domain name system (DNS) resolution. The default is 15 seconds. The range of values is 3-300 seconds.
name	The domain name for FortiLAN Cloud. By default, this field is set to `fortiswitch-dispatch.forticloud.com`.
port	Port number used to connect to FortiLAN Cloud. The default is port 443.
status	Whether access to FortiLAN Cloud is enabled or disabled. By default, the status is set to `enable`.

To check your connections to FortiLAN Cloud, use the get system flan-cloud-mgr connection-info command.

For example:

S524DF4K15000024 # get system flan-cloud-mgr connection-info
			
User Account-ID:    : 012345
Dispatch Service    : IP= xx.xx.xx.xx
SSL verify Code     : ok
Access Service      : IP= xx.xx.xx.xx, Port= 443, Connected on: 2018-11-28 10:59:32
Bootstrap Service   : hostname= xxxxxxxxxx, Port= 8000	

Remote Assistance   : Disabled.		
State-Machine       : State= FSMGR_STATE_READY, Event= EV_READY_HBEAT_GOOD	
					
SSL Local End-Point : Interface: mgmt, IP: xx.xx.xx.xx			
SSL Tunnel Uptime   : Days: 0  Hours: 2 Mins: 22 [Connected @2018-11-28 10:59:32]
SSL Tunnel stats    : restart-count= 4, Reason= Configuration Change

Stats:
========
Switch  Keep Alive  Tx/Reply := 45 / 45
Manager Keep Alive  Rx/Error := 45 / 0

Socks   Req Rx/Last Stream-ID := 224 / 14
Reset   Req Rx/last Stream-ID := 8 / 12
Goaway  Req Rx  := 0
Unknown Req Rx  := 0
			
Syslog FD/Tx/Err := 8 / 3 / 0

Used SOCKS stream-id:
=======================
SID             SockFd          State           Description
___             ______          _____           _______________
18              10              DATA            REST REQ
5               0               DATA            SYSLOG DATA

Enabling and disabling cloud management

To allow your FortiSwitch unit to be managed by FortiLAN Cloud, use the following commands:

config system flan-cloud

set status enable

end

If you want to remove a FortiSwitch unit from FortiLAN Cloud, use the following commands:

config system flan-cloud

set status disable