Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Connecting FortiLink ports

This section contains information about the FortiSwitch and FortiGate ports that you connect to establish a FortiLink connection.

In FortiSwitchOS 3.3.0 and later releases, you can use any of the switch ports for FortiLink. Some or all of the switch ports (depending on the model) support auto-discovery of the FortiLink ports.

You can chose to connect a single FortiLink port or multiple FortiLink ports as a logical interface (link-aggregation group, hardware switch, or software switch).

NOTE: FortiSwitch units, when used in FortiLink mode, support only the default administrative access HTTPS port (443).

1. Enable the switch controller on the FortiGate unit

Before connecting the FortiSwitch and FortiGate units, ensure that the switch controller feature is enabled on the FortiGate unit with the FortiGate GUI or CLI to enable the switch controller. Depending on the FortiGate model and software release, this feature might be enabled by default.

Using the FortiGate GUI
  1. Go to System > Feature Visibility.
  2. Turn on the Switch Controller feature, which is in the Core Features list.
  3. Select Apply.

The menu option WiFi & Switch Controller now appears.

Using the FortiGate CLI

Use the following commands to enable the switch controller:

config system global

set switch-controller enable

end

2. Connect the FortiSwitch unit and FortiGate unit

FortiSwitchOS 3.3.0 and later provides flexibility for FortiLink:

  • Use any switch port for FortiLink
  • Provides auto-discovery of the FortiLink ports on the FortiSwitch
  • Choice of a single FortiLink port or multiple FortiLink ports in a link-aggregation group (LAG)

Auto-discovery of the FortiSwitch ports

In FortiSwitchOS 3.3.0 and later releases, D-series FortiSwitch models support FortiLink auto-discovery, on automatic detection of the port connected to the FortiGate unit.

You can use any of the switch ports for FortiLink. Before connecting the switch to the FortiGate unit, use the following FortiSwitch CLI commands to configure a port for FortiLink auto-discovery:

config switch interface

edit <port>

set auto-discovery-fortilink enable

end

By default, each FortiSwitch model provides a set of ports that are enabled for FortiLink auto-discovery. If you connect the FortiLink using one of these ports, no switch configuration is required.

In FortiSwitchOS 3.4.0 and later releases, the last four ports are the default auto-discovery FortiLink ports. You can also run the show switch interface command on the FortiSwitch unit to see the ports that have auto-discovery enabled.

The following table lists the default auto-discovery ports for each switch model.

NOTE: Any port can be used for FortiLink if it is manually configured.

FortiSwitch Model

Default Auto-FortiLink ports

FS-108D-POE

port9–port10

FS-108E, FS-108E-POE, FS-108E-FPOE

port7–port10

FSR-112D-POE

port5–port12

FS-124D, FS-124D-POE

port23–port26

FSR-124D

port1-port4, port21–port28

FS-124E, FS-124E-POE, FS-124E-FPOE

port21–port28

FS-148E, FS-148E-POE

port21–port52

FS-224D-POE

port21–port24

FS-224D-FPOE

port21–port28

FS-224E, FS-224E-POE port21–port28

FS-248D, FS-248D-FPOE

port45–port52

FS-248D-POE

port47–port50

FS-248E-POE, FS-248E-FPOE

port45–port52

FS-424D, FS-424D-POE, FS-424D-FPOE

port23–port26

FS-424E-Fiber

port1-port30

FS-426E-FPOE-MG

port23-port30

FS-448D, FS-448D-POE, FS-448D-FPOE

port45–port52

FS-524D, FS-524D-FPOE

port21–port30

FS-548D

port39–port54

FS-548D-FPOE, FS-548DN

port45–port54

FS-1024D

port1–port24

FS-1048D, FS-1048E

port1–port52

FS-3032D, FS-3032E

port1–port32

Choosing the FortiGate ports

The FortiGate unit manages all of the switches through one active FortiLink. The FortiLink can consist of one port or multiple ports (for a LAG).

As a general rule, FortiLink is supported on all ports that are not listed as HA ports.

Connecting FortiLink ports

This section contains information about the FortiSwitch and FortiGate ports that you connect to establish a FortiLink connection.

In FortiSwitchOS 3.3.0 and later releases, you can use any of the switch ports for FortiLink. Some or all of the switch ports (depending on the model) support auto-discovery of the FortiLink ports.

You can chose to connect a single FortiLink port or multiple FortiLink ports as a logical interface (link-aggregation group, hardware switch, or software switch).

NOTE: FortiSwitch units, when used in FortiLink mode, support only the default administrative access HTTPS port (443).

1. Enable the switch controller on the FortiGate unit

Before connecting the FortiSwitch and FortiGate units, ensure that the switch controller feature is enabled on the FortiGate unit with the FortiGate GUI or CLI to enable the switch controller. Depending on the FortiGate model and software release, this feature might be enabled by default.

Using the FortiGate GUI
  1. Go to System > Feature Visibility.
  2. Turn on the Switch Controller feature, which is in the Core Features list.
  3. Select Apply.

The menu option WiFi & Switch Controller now appears.

Using the FortiGate CLI

Use the following commands to enable the switch controller:

config system global

set switch-controller enable

end

2. Connect the FortiSwitch unit and FortiGate unit

FortiSwitchOS 3.3.0 and later provides flexibility for FortiLink:

  • Use any switch port for FortiLink
  • Provides auto-discovery of the FortiLink ports on the FortiSwitch
  • Choice of a single FortiLink port or multiple FortiLink ports in a link-aggregation group (LAG)

Auto-discovery of the FortiSwitch ports

In FortiSwitchOS 3.3.0 and later releases, D-series FortiSwitch models support FortiLink auto-discovery, on automatic detection of the port connected to the FortiGate unit.

You can use any of the switch ports for FortiLink. Before connecting the switch to the FortiGate unit, use the following FortiSwitch CLI commands to configure a port for FortiLink auto-discovery:

config switch interface

edit <port>

set auto-discovery-fortilink enable

end

By default, each FortiSwitch model provides a set of ports that are enabled for FortiLink auto-discovery. If you connect the FortiLink using one of these ports, no switch configuration is required.

In FortiSwitchOS 3.4.0 and later releases, the last four ports are the default auto-discovery FortiLink ports. You can also run the show switch interface command on the FortiSwitch unit to see the ports that have auto-discovery enabled.

The following table lists the default auto-discovery ports for each switch model.

NOTE: Any port can be used for FortiLink if it is manually configured.

FortiSwitch Model

Default Auto-FortiLink ports

FS-108D-POE

port9–port10

FS-108E, FS-108E-POE, FS-108E-FPOE

port7–port10

FSR-112D-POE

port5–port12

FS-124D, FS-124D-POE

port23–port26

FSR-124D

port1-port4, port21–port28

FS-124E, FS-124E-POE, FS-124E-FPOE

port21–port28

FS-148E, FS-148E-POE

port21–port52

FS-224D-POE

port21–port24

FS-224D-FPOE

port21–port28

FS-224E, FS-224E-POE port21–port28

FS-248D, FS-248D-FPOE

port45–port52

FS-248D-POE

port47–port50

FS-248E-POE, FS-248E-FPOE

port45–port52

FS-424D, FS-424D-POE, FS-424D-FPOE

port23–port26

FS-424E-Fiber

port1-port30

FS-426E-FPOE-MG

port23-port30

FS-448D, FS-448D-POE, FS-448D-FPOE

port45–port52

FS-524D, FS-524D-FPOE

port21–port30

FS-548D

port39–port54

FS-548D-FPOE, FS-548DN

port45–port54

FS-1024D

port1–port24

FS-1048D, FS-1048E

port1–port52

FS-3032D, FS-3032E

port1–port32

Choosing the FortiGate ports

The FortiGate unit manages all of the switches through one active FortiLink. The FortiLink can consist of one port or multiple ports (for a LAG).

As a general rule, FortiLink is supported on all ports that are not listed as HA ports.