Introduction
This section provides information about how to set up and configure managed FortiSwitch units using the FortiGate unit (termed “using FortiSwitch in FortiLink mode”).
NOTE: FortiLink is not supported in transparent mode.
The maximum number of supported FortiSwitch units depends on the FortiGate model:
| FortiGate Model Range | Number of FortiSwitch Units Supported |
|---|---|
| FortiGate 40F, 91E, FortiGate-VM01 | 8 |
| FortiGate 60F, 6xE, 80F, 8xE, 90E | 16 |
| FortiGate 100D, FortiGate-VM02 | 24 |
| FortiGate 100E, 100EF, 100F, 101E, 140E, 140E-POE | 32 |
| FortiGate 200E, 201E | 64 |
| FortiGate 300D to 500D | 48 |
| FortiGate 300E to 500E | 72 |
| FortiGate 600D to 900D and FortiGate-VM04 | 64 |
| FortiGate 600E to 900E | 96 |
| FortiGate 1000D to 15xxD | 128 |
| FortiGate 1100E to 25xxE | 196 |
| FortiGate-3xxx and up and FortiGate-VM08 and up | 300 |
Supported models
Refer to the FortiLink Compatibility table to find which FortiSwitchOS versions support which FortiOS versions.
|
New models (NPI releases) might not support FortiLink. Contact Customer Service & Support to check support for FortiLink. |
Support of FortiLink features
The following table lists the FortiSwitch models supported by FortiLink features.
| FortiLink Features | FortiSwitch Models |
|---|---|
|
Centralized VLAN Configuration |
D-series, E-series, F-series |
|
Switch POE Control |
D-series, E-series, F-series |
|
Link Aggregation Configuration |
D-series, E-series, F-series |
|
Spanning Tree Protocol (STP) |
D-series, E-series, F-series |
|
LLDP/MED |
D-series, E-series, F-series |
|
IGMP Snooping |
D-series, E-series, F-series |
|
802.1x Authentication (Port-based, MAC-based, MAB) |
D-series, E-series, F-series |
|
Syslog Collection |
D-series, E-series, F-series |
|
DHCP Snooping |
D-series, E-series, F-series |
|
Device Detection |
D-series, E-series, F-series |
|
Support FortiLink FortiGate in HA Cluster |
D-series, E-series, F-series |
|
LAG support for FortiLink Connection |
D-series, E-series, F-series |
|
Active-Active MCLAG from FortiGate to FortiSwitch units for Advanced Redundancy |
Not supported on FS-1xx Series |
|
sFlow |
Not supported on FS-1xxE Series or FS-1xxF Series |
|
Dynamic ARP Inspection (DAI) |
D-series, E-series, F-series |
|
Port Mirroring |
D-series, E-series, F-series |
|
RADIUS Accounting |
D-series, E-series, F-series |
|
Centralized Configuration |
D-series, E-series, F-series |
|
Block Intra-VLAN Traffic |
D-series, E-series, F-series |
|
STP BDPU Guard, Root Guard, Edge Port |
D-series, E-series, F-series |
|
Loop Guard |
D-series, E-series, F-series |
|
Switch admin Password |
D-series, E-series, F-series |
|
Storm Control |
D-series, E-series, F-series |
|
802.1x-Authenticated Dynamic VLAN Assignment |
D-series, E-series, F-series |
|
Host Quarantine on Switch Port |
D-series, E-series, F-series |
|
QoS |
Not supported on FSR-112D-POE |
|
Centralized Firmware Management |
D-series, E-series, F-series |
|
Automatic network detection and configuration |
D-series, E-series, F-series |
|
Dynamic VLAN assignment by group name |
D-series, E-series, F-series |
|
Sticky MAC addresses |
D-series, E-series, F-series |
|
NetFlow and IPFIX flow tracking and export |
D-series, E-series, F-series |
|
FortiSwitch split ports |
FS-524D, FS-524D-FPOE, FS-548D, FS-548D-FPOE, FS-1048E, FS-3032D, and FS-3032E |
|
Encapsulated remote switched port analyzer (ERSPAN) |
FS-2xx and higher |
|
MSTP instances NOTE: In FortiLink mode, the FortiGate unit supports 1-14 instances for all platforms. |
D-series, E-series, F-series |
|
QoS statistics |
D-series, E-series, F-series |
|
Configuring SNMP through FortiLink |
D-series, E-series, F-series |
|
IPv4 source guard |
FSR-124D, FS-224D-FPOE, FS-248D, FS-424D-POE, FS-424D-FPOE, FS-448D-POE, FS-448D-FPOE, FS-424D, FS-448D, FS-2xxE, and FS-4xxE |
|
Integrated FortiGate network access control (NAC) function |
D-series, E-series, F-series |
|
FortiGuard IoT identification |
D-series, E-series, F-series |
|
Point-to-point layer-2 network supported |
D-series, E-series, F-series |
|
Dynamic detection of LLDP neighbor devices |
D-series, E-series, F-series |
|
Explicit congestion notification (ECN) |
FS-1024D, FS-1048D, FS-1048E, FS-3032D, FS-3032E, FS-4xxE, and FS-5xxD |
|
Aggregation mode selection for trunk members |
D-series, E-series, F-series |
|
Multiple attribute values sent in a RADIUS Access-Request |
D-series, E-series, F-series |
|
PTP transparent-clock mode |
FS-1048E, FS-224D, FS-224E, FS-3032D, FS-3032E, FS-424D, FS-4xxE, and FS-5xxD |
|
Rapid PVST interoperation |
D-series, E-series, F-series |
|
Support of matching EMS tags in NAC policies |
D-series, E-series, F-series |
|
Flash port LEDs |
D-series, E-series, F-series |
|
Cable diagnostics |
Not supported on FSR-112D-POE, FS-1024D, FS-1048D, FS-1048E, FS-3032D, or FS-3032E |
|
Automated detection and recommendations |
D-series, E-series, F-series |
|
Flow control |
D-series, E-series, F-series |
|
Ingress pause metering |
200 series, 400D and 400E series, 500 series, FS-1024D, FS-1048D, FS-1048E, and FS-3032D |
Before you begin
Before you configure the managed FortiSwitch unit, the following assumptions have been made in the writing of this manual:
- You have completed the initial configuration of the FortiSwitch unit, as outlined in the QuickStart Guide for your FortiSwitch model, and you have administrative access to the FortiSwitch GUI and CLI.
- You have installed a FortiGate unit on your network and have administrative access to the FortiGate GUI and CLI.