Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JamieSLH
New Contributor

FSW108D Remote Management

(I'm relatively new to all this, so please go easy on me...)

 

I need to upgrade our switch firmware as recommended by Fortinet Tech support.  Most of the switches are easy, just using the FortiGate management functions, but the 108D is not so simple...

 

We have multiple sites, 3 of which have very similar setups :

 

                    /-> FortiGate A            /-> Switch 1
ISP ---> FSW 108D -<         ||  ----------->---> Switch 2
                    \-> FortiGate B            \-> Switch 3

 

 

3 stacked FortiSwitches (224s and 248s) managed by 2 FortiGates (100E's or 200E's) in an HA grouping.  Each of these setups is connected to the ISP switch through a FSW-108D switch.

Because of their logical location, the 108D's cannot be managed through the FortiGate GUI like the other switches can...  So I get in with a laptop plugged directly into the switch. This is dead easy locally at our HQ, but the other two sites are remote and have no real IT staff on-site, and I'd like to be able to manage them remotely, if possible...

 

The current plan is to set up a laptop (via WiFi) inside the firewall, hook it up to the 108D with a cable when needed, and remote in to the laptop to do whatever is necessary, but I was wondering if it was possible to make the 108D switches accessible through the LAN, without opening up any holes in our security...  (I'm worried that because it has a direct link outside the firewall, I might be opening up a big can of worries...)

 

Any ideas or recommendations?

 

Thanks in advance,

Jamie

ede_pfau
Esteemed Contributor III

If you still have a port free on the FS108D you could connect the FS directly to a port on the FGT (cluster) to be able to manage it. Same situation with a modem in front of a FGT - if it's only got one LAN port, no way to manage it. With at least 2 ports, just create a fancy intermediate LAN and a policy.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
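A sketch of the "intermediate LAN and a policy" approach from the reply above, as an added FortiOS CLI example that is not part of the original thread. The port name `port10`, the `internal` source interface, the 10.255.255.0/30 link subnet, the admin subnet and all object names are assumptions; the 108D's management address is assumed to be 10.255.255.2. Only one policy exists, from the inside to the switch, so nothing arriving on the management link is permitted into the LAN.

```fortios
# Constructed example: interface names, subnets and object names are assumptions.
# Dedicated point-to-point link from a spare FortiGate port to the 108D.
config system interface
    edit "port10"
        set vdom "root"
        set mode static
        set ip 10.255.255.1 255.255.255.252
        # No HTTPS/SSH admin access to the FortiGate itself on this link.
        set allowaccess ping
        set alias "fsw108d-mgmt"
    next
end

# Address objects: the switch's management IP and the admin workstations.
config firewall address
    edit "fsw108d-mgmt-ip"
        set subnet 10.255.255.2 255.255.255.255
    next
    edit "admin-workstations"
        set subnet 10.0.10.0 255.255.255.0
    next
end

# Single one-way policy: admins -> switch management, HTTPS and SSH only.
# There is deliberately no policy with srcintf "port10".
config firewall policy
    edit 0
        set name "admin-to-fsw108d"
        set srcintf "internal"
        set dstintf "port10"
        set srcaddr "admin-workstations"
        set dstaddr "fsw108d-mgmt-ip"
        set action accept
        set schedule "always"
        set service "HTTPS" "SSH"
        set logtraffic all
    next
end
```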
JamieSLH

So there's no real vulnerability attaching the 108D to a port on our 248E or 224D switches, even though the 108D is upstream of the FG and the other switch(es) is downstream of the FG?

 

Maybe I'm just being paranoid...

 

Jamie
