Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
claydawg
New Contributor II

Created on ‎02-08-2024 09:27 AM

Same VLAN on Multiiple Fortilink Interfaces

I have a scenario where there are two different Fortilink interfaces on a FortiGate. I need to extend a particular VLAN from the gate to both Fortilink-managed switches. Unfortunately this requires me to require a VLAN sub-interface on each Fortilink interface. One has an IP address configured and the other is just 0.0.0.0/0. I assumed, maybe incorrectly, that this would just do 802.1q and pass layer-2 between interfaces but I also know this is a firewall and that sort of behavior may not work. Can anyone confirm if this is supported? If not, is the only solution to re-architect this and reconfigure for only a single Fortilink?

Labels:
522
0 Kudos
8 REPLIES 8
Stephen_G
Moderator
Moderator

Created on ‎02-11-2024 07:47 AM

Hello claydawg,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Stephen - Fortinet Community Team
457
0 Kudos
Stephen_G
Moderator
Moderator

Created on ‎02-13-2024 04:06 AM

Hello claydawg,

 

This document may help you with what you need: https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/454200/multiple-fortiswitches-managed-v...

 

Let me know if you need further help, or feel free to contact us.

 

Kind regards,

Stephen - Fortinet Community Team
427
0 Kudos
claydawg
New Contributor II
In response to Stephen_G

Created on ‎02-23-2024 08:26 AM

Thanks, Stephen. Unfortunately I don't see anything in that docs that answers my question. I'm really hoping there is a way to make this work. I just don't see the value in FortiLink. It seems like it just makes traditional networking more difficult and restrictive.

360
0 Kudos
hbac
Staff
Staff

Created on ‎02-24-2024 09:56 AM

Hi @claydawg,  

 

I would suggest configuring only a single fortilink to manage both switches. 

 

Regards, 

334
0 Kudos
claydawg
New Contributor II

Created on ‎04-16-2024 09:40 AM

Thanks. This is a huge drawback of FortiLink. I understand the simplicity of it, but it really limits your ability to customize the network after the fact.

126
0 Kudos
AEK
SuperUser
SuperUser
In response to claydawg

Created on ‎04-16-2024 10:35 AM

Hi @claydawg 

  • Are your FSW interconnected? Do they need to be interconnected?
  • Do your FSW support ICL or ISL?
  • Why do you need to the VLAN to both FSW?
  • Why you need to use 2 FortiLinks?

If you elaborate a bit more maybe we can help.

AEK
AEK
114
0 Kudos
claydawg
New Contributor II
In response to AEK

Created on ‎04-17-2024 11:42 AM

Why do I need to extend the same VLAN to two different switches? I can't even believe I'm being asked that question. I don't mean to be rude but this is a common practice on any network. There's no need to justify the necessity.

96
0 Kudos
AEK
SuperUser
SuperUser
In response to claydawg

Created on ‎04-21-2024 11:44 PM

Depending on your design requirements this is what you may need.

https://docs.fortinet.com/document/fortiswitch/7.4.2/fortilink-guide/801202/single-fortigate-unit-ma...

By setting FortiLink over HW/SW switch should allow you via one FortiLink to have the same VLAN(s) propagated to both FSW and the same gateway visible from the managed switches.

AEK
AEK
47
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.