Version:


Table of Contents

SD-WAN Orchestrator 7.0.0.r3 Administration Guide

7.0.1
Download PDF
Copy Link

Attaching a FortiSwitch model to FortiGate

When creating a profile, you can attach a model switch to a port on a FortiGate. This is called attaching FortiLink. When the switch comes online, it is managed by FortiGate and receives the configuration.

Note

Do not connect FortiSwitch to the physical FortiGate port until the FortiSwitch profile is installed. See Install a profile on a device.

If FortiSwitch is already connected to FortiGate:

Configure and install the profile without FortiLink and FortiSwitch first. After the profile has successfully synchronized with FortiGate, add the FortiLink and FortSwitch configuration, and then install the profile again.

To attach a FortiGate port to a FortiSwitch:
  1. Go to Configuration > Profile.

    The list of profiles is displayed.

  2. Create a new profile, or open a profile for updating.

    The Profile / <Name> dialog box is displayed.

  3. Display the Switch/AP settings.
    1. Click the Network tab.

      The Network pane is displayed. For a description of the options, see Network tab.

    2. Expand the LAN section, and toggle Switch/AP Configuration to ON.

      The Switch/AP button is displayed.

    3. Click Switch/AP.

      The FortiSwitch/AP<Name> dialog box is displayed.

  4. Select the FortiGate port you want to connect to FortiSwitch, and click Attach to FortiLink.

    The port is attached, and the VLAN settings are created.

  5. Add a platform model.
    1. Click Add Switch.
    2. In the Name field, enter a name for the FortiSwitch.
    3. From the Platform dropdown, select a FortiSwitch model.
    4. Click OK.

      The switch is added to the profile.

To assign a VLAN to ports in a switch template:
  1. In the VLAN table, create a new VLAN or open a VLAN for updating.

    The VLAN / <Name> dialog box is displayed.

  2. Configure the VLAN settings, and click OK.
    Option Description
    Name Type a name for the interface.
    Allow Overlap Between Devices Toggle on to allow overlap between devices. Toggle off to disable this feature.
    VLAN Id Enter a unique VLAN ID.
    IP Auto Assign

    Available when Allow Overlap Between Devices is disabled.

    Toggle on to automatically assign IP addresses. Toggle off to disable this feature.

    IP Pool

    Available when IP Auto Assign is enabled.

    Specify a pool of IP addresses to be used for SD-WAN Orchestrator to automatically assign.

    Subnet Mask Length Available when IP Auto Assign is enabled.
    DHCP Mode

    Specify whether to use DHCP for automatic IP assignment. Select one of the following options: 

    • None - DHCP is not used.
    • Server - Enable DHCP server.
    • Relay - Enable DHCP relay agent.
    Access Types Select the types of access to allow on the interface.
  3. Assign the VLAN to a switch template.
    1. Select a FortiSwitch port.

      The More Configuration/ <port> dialog box is displayed.

    2. Configure the port settings and click OK.
      Option Description
      Native Vlan Select the native VLAN from the available VLAN objects
      Allowed Vlans Select the allowed VLAN from the available VLAN objects.
      Allowed Vlans-all Select the allowed VLAN from the available VLAN objects.
      Description Enter a description of the VLAN.
      DHCP Snooping Choose TRUSTED or UNTRUSTED.

      Lldp Profile

      Choose default or default-auto-isl.

      Loop Guard

      Toggle on to enable Loop Guard for the port.

      Loop Guard cannot be applied to ports that are in trunks.

      Port Security-policy Select a port security policy from the dropdown.
      Stp State Toggle on to enable this feature.
      stp Root-gaurd

      Toggle on to enable STP Root Guard for the port.

      Edge Port

      Right-click to enable or disable Edge Port for the port.

      stp bpdu-guard

      Toggle on to enable STP BPDU Guard for the port.

To install a profile on a device:
  1. Go to Configuration > Device.

    The device list is displayed.

  2. Click +Device to add a device, or select a device to update.

    The Device <Name> dialog box is displayed.

  3. From the Profile Name dropdown, select a profile and click OK.
  4. In the Config Status column, click Install Configuration.

    Wait for the status to change to Synchronized.

  5. Connect the physical port on the FortiSwitch to the target port on FortiGate.

    Wait 10-15 minutes to allow the device to come online.

To verify the connection:
  1. On FortiGate, go to WiFi & Switch Control > Managed FortiSwitch.

    Check the Status column to verify the device status is Online.

  2. On FortiManager, go to FortiSwitch Manager > Device & Groups, and select a device in the tree menu.

    Check the FortiSwitch Name column to verify the device is online.

To verify the device received the configuration:
  1. On FortiGate go to Network > Interfaces, and expand the interface in the table.

    In the Name column check that the target interface is set as fortilink member.

    In the Type column check that then VLANs in the controller profile are displayed.

  2. Go to WiFi & Switch Control > Managed FortiSwitch.

    In the Native VLAN or Allowed VLANs columns, check that the VLANs are assigned to the FortiSwitch port.

Attaching a FortiSwitch model to FortiGate

When creating a profile, you can attach a model switch to a port on a FortiGate. This is called attaching FortiLink. When the switch comes online, it is managed by FortiGate and receives the configuration.

Note

Do not connect FortiSwitch to the physical FortiGate port until the FortiSwitch profile is installed. See Install a profile on a device.

If FortiSwitch is already connected to FortiGate:

Configure and install the profile without FortiLink and FortiSwitch first. After the profile has successfully synchronized with FortiGate, add the FortiLink and FortSwitch configuration, and then install the profile again.

To attach a FortiGate port to a FortiSwitch:
  1. Go to Configuration > Profile.

    The list of profiles is displayed.

  2. Create a new profile, or open a profile for updating.

    The Profile / <Name> dialog box is displayed.

  3. Display the Switch/AP settings.
    1. Click the Network tab.

      The Network pane is displayed. For a description of the options, see Network tab.

    2. Expand the LAN section, and toggle Switch/AP Configuration to ON.

      The Switch/AP button is displayed.

    3. Click Switch/AP.

      The FortiSwitch/AP<Name> dialog box is displayed.

  4. Select the FortiGate port you want to connect to FortiSwitch, and click Attach to FortiLink.

    The port is attached, and the VLAN settings are created.

  5. Add a platform model.
    1. Click Add Switch.
    2. In the Name field, enter a name for the FortiSwitch.
    3. From the Platform dropdown, select a FortiSwitch model.
    4. Click OK.

      The switch is added to the profile.

To assign a VLAN to ports in a switch template:
  1. In the VLAN table, create a new VLAN or open a VLAN for updating.

    The VLAN / <Name> dialog box is displayed.

  2. Configure the VLAN settings, and click OK.
    Option Description
    Name Type a name for the interface.
    Allow Overlap Between Devices Toggle on to allow overlap between devices. Toggle off to disable this feature.
    VLAN Id Enter a unique VLAN ID.
    IP Auto Assign

    Available when Allow Overlap Between Devices is disabled.

    Toggle on to automatically assign IP addresses. Toggle off to disable this feature.

    IP Pool

    Available when IP Auto Assign is enabled.

    Specify a pool of IP addresses to be used for SD-WAN Orchestrator to automatically assign.

    Subnet Mask Length Available when IP Auto Assign is enabled.
    DHCP Mode

    Specify whether to use DHCP for automatic IP assignment. Select one of the following options: 

    • None - DHCP is not used.
    • Server - Enable DHCP server.
    • Relay - Enable DHCP relay agent.
    Access Types Select the types of access to allow on the interface.
  3. Assign the VLAN to a switch template.
    1. Select a FortiSwitch port.

      The More Configuration/ <port> dialog box is displayed.

    2. Configure the port settings and click OK.
      Option Description
      Native Vlan Select the native VLAN from the available VLAN objects
      Allowed Vlans Select the allowed VLAN from the available VLAN objects.
      Allowed Vlans-all Select the allowed VLAN from the available VLAN objects.
      Description Enter a description of the VLAN.
      DHCP Snooping Choose TRUSTED or UNTRUSTED.

      Lldp Profile

      Choose default or default-auto-isl.

      Loop Guard

      Toggle on to enable Loop Guard for the port.

      Loop Guard cannot be applied to ports that are in trunks.

      Port Security-policy Select a port security policy from the dropdown.
      Stp State Toggle on to enable this feature.
      stp Root-gaurd

      Toggle on to enable STP Root Guard for the port.

      Edge Port

      Right-click to enable or disable Edge Port for the port.

      stp bpdu-guard

      Toggle on to enable STP BPDU Guard for the port.

To install a profile on a device:
  1. Go to Configuration > Device.

    The device list is displayed.

  2. Click +Device to add a device, or select a device to update.

    The Device <Name> dialog box is displayed.

  3. From the Profile Name dropdown, select a profile and click OK.
  4. In the Config Status column, click Install Configuration.

    Wait for the status to change to Synchronized.

  5. Connect the physical port on the FortiSwitch to the target port on FortiGate.

    Wait 10-15 minutes to allow the device to come online.

To verify the connection:
  1. On FortiGate, go to WiFi & Switch Control > Managed FortiSwitch.

    Check the Status column to verify the device status is Online.

  2. On FortiManager, go to FortiSwitch Manager > Device & Groups, and select a device in the tree menu.

    Check the FortiSwitch Name column to verify the device is online.

To verify the device received the configuration:
  1. On FortiGate go to Network > Interfaces, and expand the interface in the table.

    In the Name column check that the target interface is set as fortilink member.

    In the Type column check that then VLANs in the controller profile are displayed.

  2. Go to WiFi & Switch Control > Managed FortiSwitch.

    In the Native VLAN or Allowed VLANs columns, check that the VLANs are assigned to the FortiSwitch port.