How to configure the management port of a FortiSwitch managed by a FortiGate firewall via a FortiLink interface

Source: https://www.connectix.nl/how-to-configure-the-management-port-of-a-fortiswitch-managed-by-a-fortigate-firewall-via-a-fortilink-interface/

When you install FortiSwitches that are managed by a FortiGate firewall, management is done via the web interface of the FortiGate. When you need to make a configuration change that is not available in the GUI, you have to open an SSH session from the FortiGate unit to the FortiLink IP address of the FortiSwitch. This is very cumbersome. You cannot copy configuration templates to the switch. It also means there is no SNMP path to your FortiSwitch, which makes it impossible to monitor the unit with tools such as PRTG.

If you want to manage a FortiSwitch while bypassing the FortiLink interface, you have to connect its management port to a management VLAN. Remember that you should always manage the FortiSwitch through the web interface of the FortiGate, except for configuration that is only possible on the FortiSwitch itself.

The first step is to log in to the FortiGate and find the IP address of the FortiSwitch you want to manage. Click on the FortiSwitch you want to manage. The IP address is displayed in the next window.

Now connect to the FortiGate firewall CLI. From the FortiGate you can connect via SSH to the attached FortiSwitch. Use the following command:

execute ssh admin@<FortiSwitch IP address>

Replace the IP address with the address noted earlier. The default password is empty. Remember to change the default password of the FortiSwitch immediately after connecting the management interface!

Once you are connected to the FortiSwitch, you can assign an IP address to its management interface. This is done with the following commands:

config system interface
  edit "mgmt"
    set ip 10.1.1.1 255.255.255.0
    set allowaccess ping https http ssh telnet snmp
    set type physical
    set snmp-index 54
  next
end



Now you have to enter a gateway so the switch can reach the rest of the network. The example below routes 10.0.0.0/8 out of the mgmt interface via 10.1.1.254.

config router static
  edit 1
    set device "mgmt"
    set dst 10.0.0.0 255.0.0.0
    set gateway 10.1.1.254
  next
end

Now connect the management interface of the FortiSwitch to the management VLAN of your network. When this is done, you can reach the switch directly by its IP address and monitor it with the program of your choice.
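The allowaccess line in the mgmt interface configuration above enables http and telnet, both of which send the admin credentials unencrypted across the management VLAN. The following check is an added example, not part of the original article or any Fortinet tooling: it parses a saved interface configuration, reports interfaces that allow those two protocols and proposes a replacement line. The function names and the embedded sample are assumptions made for this illustration.

```python
# Admin-access protocols that send credentials unencrypted.
CLEARTEXT = {"http", "telnet"}

# Constructed sample input: the mgmt interface block as shown on this page.
SAMPLE_CONFIG = """
config system interface
  edit "mgmt"
    set ip 10.1.1.1 255.255.255.0
    set allowaccess ping https http ssh telnet snmp
    set type physical
    set snmp-index 54
  next
end
"""

def parse_interfaces(config_text):
    """Return {interface: {setting: [values]}} for 'config system interface'."""
    interfaces, depth, in_section, current = {}, 0, False, None
    for raw in config_text.splitlines():
        tokens = [t.strip('"') for t in raw.split()]
        if not tokens:
            continue
        if tokens[0] == "config":
            depth += 1
            if depth == 1:  # nested config blocks must not end the section
                in_section = tokens[1:] == ["system", "interface"]
        elif tokens[0] == "end":
            depth -= 1
        elif not (in_section and depth == 1):
            continue  # ignore lines outside the interface section
        elif tokens[0] == "edit" and len(tokens) > 1:
            current = interfaces.setdefault(tokens[1], {})
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "set" and len(tokens) > 1 and current is not None:
            current[tokens[1]] = tokens[2:]
    return interfaces

def audit_allowaccess(config_text):
    """Return {interface: (cleartext protocols found, replacement set line)}."""
    findings = {}
    for name, settings in parse_interfaces(config_text).items():
        allowed = settings.get("allowaccess", [])
        risky = sorted(CLEARTEXT.intersection(allowed))
        if risky:
            kept = [p for p in allowed if p not in CLEARTEXT]
            findings[name] = (risky, "set allowaccess " + " ".join(kept))
    return findings
```

Calling audit_allowaccess(SAMPLE_CONFIG) flags the mgmt interface and returns a replacement line that keeps ping, https, ssh and snmp.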
