How to configure the management port of a FortiSwitch managed by a FortiGate firewall via a FortiLink interface
When you install FortiSwitches that are managed by a FortiGate firewall, management is done via the web interface of the FortiGate. When you need configuration that is not available in the GUI, you have to open an SSH session from the FortiGate unit to the FortiLink IP address of the FortiSwitch. This is very cumbersome. You cannot copy configuration templates to the switch. It also means there is no SNMP path to your FortiSwitch, which makes it impossible to monitor the unit with tools such as PRTG.
If you want to manage a FortiSwitch bypassing the FortiLink interface you have to connect the management port to a management vlan. Remember that you always have to manage the FortiSwitch through the web interface of the FortiGate, except for configuration that is only possible on the FortiSwitch itself.
The first step is to log in to the FortiGate and find the IP address of the FortiSwitch you want to manage. Click on the FortiSwitch you want to manage. The IP address is displayed in the next window.
Now connect to the FortiGate firewall CLI. From the FortiGate you can connect via SSH to the attached FortiSwitch. Use the following command:
execute ssh admin@169.254.1.2
Replace the IP address with the one you noted previously. The default password is empty. Remember to change the default password of the FortiSwitch immediately after connecting the management interface!
When you are connected to the FortiSwitch you can assign an IP address to the management interface of the FortiSwitch. This is done with the following commands:
config system interface
    edit "mgmt"
        set ip 10.1.1.1 255.255.255.0
        set allowaccess ping https http ssh telnet snmp
        set type physical
        set snmp-index 54
    next
end
Now you have to enter a default gateway for the switch to the rest of the network.
config router static
    edit 1
        set device "mgmt"
        set dst 10.0.0.0 255.0.0.0
        set gateway 10.1.1.254
    next
end
Now connect the management interface of the FortiSwitch to the management VLAN of your network. When this is done you can reach the switch by its IP address and monitor it with the program of your choice.
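The allowaccess line in the interface configuration enables http and telnet, which carry the admin login unencrypted across the management VLAN. The following added example (not part of the original article) parses a `config system interface` block and reports interfaces that allow those protocols; the sample text is constructed from the article's commands, and the function names are hypothetical.

```python
CLEARTEXT = {"http", "telnet"}  # protocols that send the admin login unencrypted

# Constructed sample, built from the commands shown in the article.
SAMPLE_CONFIG = """\
config system interface
    edit "mgmt"
        set ip 10.1.1.1 255.255.255.0
        set allowaccess ping https http ssh telnet snmp
        set type physical
        set snmp-index 54
    next
end
"""

def parse_interfaces(text):
    """Return {interface: {setting: [values]}} for 'config system interface' blocks."""
    interfaces, current, in_block, depth = {}, None, False, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not in_block:
            in_block = line == "config system interface"
        elif line.startswith("config "):
            depth += 1                      # nested sub-table inside an interface entry
        elif line == "end":
            # closes a nested table if one is open, otherwise the interface block
            in_block, depth = depth > 0, max(depth - 1, 0)
        elif depth:
            continue                        # ignore settings inside nested tables
        elif line.startswith("edit "):
            current = line[5:].strip().strip('"')
            interfaces[current] = {}
        elif line == "next":
            current = None
        elif line.startswith("set ") and current is not None:
            parts = line.split()
            interfaces[current][parts[1]] = parts[2:]
    return interfaces

def audit_allowaccess(text):
    """Return {interface: [cleartext protocols]} for every interface that allows any."""
    findings = {}
    for name, settings in parse_interfaces(text).items():
        risky = sorted(CLEARTEXT & set(settings.get("allowaccess", [])))
        if risky:
            findings[name] = risky
    return findings

if __name__ == "__main__":
    for name, risky in audit_allowaccess(SAMPLE_CONFIG).items():
        print(f"{name}: cleartext management access allowed: {', '.join(risky)}")
```

Run it against the saved configuration text of each switch; an empty result means no interface in the file allows http or telnet.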
Hi,
Thank you for this article! What do you mean with “If you want to manage a FortiSwitch bypassing the FortiLink interface you have to connect the management port to a management vlan”?
Connect it physically? I have some switches connected to the FortiGate, connected only via FortiLink, and the switches have got IP addresses (169…) from the FortiLink. For me it's now not clear how to change this.
Thanks
Andreas
Yes, just connect it physically.