Can be FortiLink port used as regular interfaces?

jfernandz · ‎06-01-2021

Hi everybody,

I've got a FortiWiFi 61F and I'd like to know if those two FortiLink ports (A-B) can be used as a regular interfaces (as those 5x GE RJ45 Internal Ports). Apparently these aren't intended for this purpose as this article shows, right? They are only(?) intended to remotely manage FortiSwitch units, but could I eventually use them as regular interfaces?

Thank you everyone.

Toshi_Esumi · ‎06-01-2021

Those ports are just regular switch ports. You just need to remove anything related to "fortilink" in the config. Go CLI and "show | grep -f fortilink". Then you'll know what to remove.

jfernandz · ‎06-02-2021

well, I can see this

# show | grep -f "fortilink"

config switch-controller storm-control-policy
edit "auto-config"
set description "storm control policy for fortilink-isl-icl port" <---
set storm-control-mode disabled
next
end

But I'm not sure what should I disable or how should I disable it. There are in fact a lot of options inside WiFi & Switch Controller menu (in the web UI), my guess is I could turn off these menus by turning off "Switch Controller" and "WiFi Controller" in System > Feature Visibility (also in the web UI) but I'm not sure this will disable nothing but these "Switch Controller" and "WiFi Controller" menus, instead of the FortiLink feature itself.

Also I don't know what are the "storm-control-policy" and the "storm-controll-mode" although apparently the latter one is disabled.

Toshi_Esumi · ‎06-02-2021

No. That's just a description. Not doing anything functionally. Didn't you see it in hard or soft-switch config as well as DHCP server config? And I think it's in NTP config as well.

jfernandz · ‎06-02-2021

I can't see anything like "hard or soft-switch config" or "DHCP server config" in the web UI. In fact, DCHP server is configured per interface (in Network > Interfaces, when you create or edit one).

What I can see is a menu to create FortiLink interfaces in WiFi & Switch Controller > FortiLink Interface, also software switches are created in Network > Interfaces, when you create a new one you can chose its type as "Software Switch".

Also ... what do you mean with "NTP", I understand this acronym as Network Time Protocol.

Toshi_Esumi · ‎06-02-2021

No. All I'm talking about is in CLI. If you want/need to use those fortilink ports as regular interface "a" and "b", you need to use CLI to remove dependencies. That's why I suggested to use "show | grep -f fortilink" at the top level in CLI, which would show you where "fortilink" is used. Unfortunately I don't have FWF60F so I can't tell exactly what you would see. But I remember when I convered the fortilink port on an FG40F, I had to remove it at those parts of config.

Those are under "config system dhcp server" and "config system ntp" sections of CLI.

jfernandz · ‎06-03-2021

Well, if I do `show | grep -f "config system dhcp server"` I just can see

config system dhcp server <---
end

if I replace the `-f` argument with `-A <number of lines>` I can see part of the configs for DCHP servers for every interface with a DHCP server enabled, even the clients.

I don't know what has to do the NTP with this FortiLink ports, but for `show | grep -f "config system ntp"` I have

config system ntp <---
set ntpsync enable
end

And I don't see anything related with FortiLink.

Toshi_Esumi · ‎06-03-2021

So you're not using any DHCP server then. And FWF61F doesn't seem to use "fortilink" for the Fortilink interface.

What interface names do you have under "config sys interface" now? Just go to"config sys interface" then type "edit ?", it would show all interfaces including the Fortilink.

jfernandz · ‎06-03-2021

well I have this

name Name.

a static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical enable

b static 0.0.0.0 0.0.0.0 10.1.0.1 255.255.255.0 up disable physical enable
dmz static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical enable
internal1 static 0.0.0.0 0.0.0.0 172.20.1.1 255.255.255.0 up disable physical enable
internal2 static 0.0.0.0 0.0.0.0 192.168.2.1 255.255.255.0 up disable physical enable
internal3 static 0.0.0.0 0.0.0.0 192.168.1.1 255.255.255.0 up disable physical enable
internal4 static 0.0.0.0 0.0.0.0 172.50.1.1 255.255.255.0 up disable physical enable
internal5 static 0.0.0.0 0.0.0.0 10.100.0.1 255.240.0.0 up disable physical enable
modem pppoe 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 down disable physical enable
ssl.root static 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable tunnel enable
wan1 static 0.0.0.0 0.0.0.0 217.124.116.61 255.255.255.0 up disable physical enable
wan2 dhcp 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 up disable physical enable

I tried to use 'b' interface/port (that's because you can see a IP/Netmask in there) but it's apparently the fortilink port.

(Couldn't I exit of "config sys interface" without saving? I've seen that `end` is to exit from there but saving changes)

Toshi_Esumi · ‎06-03-2021

If you didin't go into any of those interfaces, "end" wouldn't change anything. If you're still warried, you can use "abort" always.

You already broke the fortilink and separated them to indivdual "a" and "b". No, they're not in fortilink otherwise you shouldn't see "b" in the interface config. If you can't ping it from a device within the subnet connected to the port, something else must be causing it, not because of fortilink.