FortiLink configuration using the FortiGate CLI

This section describes how to configure FortiLink using the FortiGate CLI. Fortinet recommends using the FortiGate GUI because the CLI procedures are more complex (and therefore more prone to error).

If you use one of the auto-discovery FortiSwitch ports, you can establish the FortiLink connection (single port or LAG) with no configuration steps on the FortiSwitch and with a few simple configuration steps on the FortiGate.

Summary of the procedure

  1. Remove the port(s) from the LAN interface.
  2. Configure the FortiLink port or create a logical FortiLink interface if it is required on the model you are using.
  3. Configure NTP.
  4. Authorize the managed FortiSwitch.
  5. Configure DHCP.

Configure FortiLink as a single link

Configure the FortiLink port on the FortiGate and authorize the FortiSwitch as a managed switch.

In the following steps, port 1 is configured as the FortiLink port.

  1. If required, remove port 1 from the lan interface:

     config system virtual-switch
         edit lan
             config port
                 delete port1
             end
         next
     end

  2. Configure port 1 as the FortiLink interface:

     config system interface
         edit port1
             set auto-auth-extension-device enable
             set fortilink enable
         next
     end

  3. Configure an NTP server on port 1:

     config system ntp
         set server-mode enable
         set interface port1
     end

  4. Authorize the FortiSwitch unit as a managed switch:

     config switch-controller managed-switch
         edit FS224D3W14000370
             set fsw-wan1-admin enable
         next
     end

FortiSwitch will reboot when you issue the set fsw-wan1-admin enable command.

Configure FortiLink as a logical interface

You can configure the FortiLink as a logical interface: link-aggregation group (LAG), hardware switch, or software switch.

LAG is supported on all FortiSwitch models and on FortiGate models FGT-100D and above. Hardware switch is supported on some FortiGate models.

Connect any of the FortiLink-capable ports on the FortiGate to the FortiSwitch. Ensure that you configure auto-discovery on the FortiSwitch ports (unless they are auto-discovery ports by default).

In the following procedure, port 4 and port 5 are configured as a FortiLink LAG.

  1. If required, remove the FortiLink ports from the lan interface:

     config system virtual-switch
         edit lan
             config port
                 delete port4
                 delete port5
             end
         next
     end

  2. Create a trunk with the two ports that you connected to the switch:

     config system interface
         edit flink1 (enter a name, 11 characters maximum)
             set allowaccess ping capwap https
             set vlanforward enable
             set type aggregate
             set member port4 port5
             set lacp-mode static
             set fortilink enable
             (optional) set fortilink-split-interface enable
         next
     end

If the members of the aggregate interface connect to more than one FortiSwitch, you must enable fortilink-split-interface.

  3. Authorize the FortiSwitch unit as a managed switch:

     config switch-controller managed-switch
         edit FS224D3W14000370
             set fsw-wan1-admin enable
         next
     end

FortiSwitch will reboot when you issue the set fsw-wan1-admin enable command.
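
A post-change check for both procedures above, as an added example (not Fortinet code): it parses a FortiOS configuration backup and reports which steps on this page were missed. The function names are hypothetical, the sample configuration is constructed, and the backup is assumed to use the config/edit/set/next/end layout with one statement per line.

```python
import shlex

def parse_fortios(text):
    """Parse config/edit/set/next/end nesting into nested dicts."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        tok = shlex.split(raw, comments=True) or [""]  # blank and '#' lines are skipped
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "set":
            stack[-1][tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            stack.pop()
    return root

def audit_fortilink(cfg):
    """Return findings for the steps in this procedure that were missed."""
    out = []
    flinks = {n: i for n, i in cfg.get("system interface", {}).items()
              if i.get("fortilink") == ["enable"]}
    if not flinks:
        out.append("no interface has 'set fortilink enable'")
    # Physical ports carrying FortiLink: the port itself or the LAG members.
    ports = {p for n, i in flinks.items() for p in i.get("member", [n])}
    lan = cfg.get("system virtual-switch", {}).get("lan", {}).get("port", {})
    out += [f"{p} is still in the lan virtual-switch" for p in sorted(ports & set(lan))]
    ntp = cfg.get("system ntp", {})
    if ntp.get("server-mode") != ["enable"]:
        out.append("NTP server-mode is not enabled")
    elif not set(ntp.get("interface", [])) & set(flinks):
        out.append("NTP server is not bound to a FortiLink interface")
    for sn, sw in cfg.get("switch-controller managed-switch", {}).items():
        if sw.get("fsw-wan1-admin") != ["enable"]:
            out.append(f"{sn} is not authorized")
    return out

# Constructed sample: port4 left in lan, NTP on the wrong port, switch not authorized.
SAMPLE = "\n".join([
    'config system virtual-switch', 'edit "lan"', 'config port',
    'edit "port4"', 'next', 'end', 'next', 'end',
    'config system interface', 'edit "flink1"',
    'set member "port4" "port5"', 'set fortilink enable', 'next', 'end',
    'config system ntp', 'set server-mode enable', 'set interface "port1"', 'end',
    'config switch-controller managed-switch', 'edit "FS224D3W14000370"', 'next', 'end',
])

if __name__ == "__main__":
    print(*audit_fortilink(parse_fortios(SAMPLE)), sep="\n")
```

Multi-line quoted values such as embedded certificates are not handled by this line-based parser; remove those sections from the backup before running the check.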