Leveraging LLDP to simplify security fabric negotiation
This feature enables LLDP reception on WAN interfaces. A FortiGate that receives LLDP from an upstream FortiGate with the Security Fabric enabled prompts the administrator, in the GUI, to join that Security Fabric.
- If an interface's role is undefined, LLDP reception and transmission inherit settings from the VDOM.
- If an interface's role is WAN, LLDP reception is enabled.
- If an interface's role is LAN, LLDP transmission is enabled.
When FortiGate B's WAN interface detects, through LLDP, that FortiGate A's LAN interface is immediately upstream (that is, FortiGate A is the default gateway), and FortiGate A has the Security Fabric enabled, FortiGate B shows a notification in the GUI asking whether to join the Security Fabric.
To configure LLDP reception and join a Security Fabric:
- Go to Network > Interfaces.
- Configure an interface:
- If the interface's role is undefined, under Administrative Access, set Receive LLDP and Transmit LLDP to Use VDOM Setting.
Using the CLI:
    config system interface
        edit "port3"
            set lldp-reception vdom
            set lldp-transmission vdom
            set role undefined
            ...
        next
    end
- If the interface's role is WAN, under Administrative Access, set Receive LLDP to Enable and Transmit LLDP to Use VDOM Setting.
Using the CLI:
    config system interface
        edit "wan1"
            set lldp-reception enable
            set lldp-transmission vdom
            set role wan
            ...
        next
    end
- If the interface's role is LAN, under Administrative Access, set Receive LLDP to Use VDOM Setting and Transmit LLDP to Enable.
Using the CLI:
    config system interface
        edit "port2"
            set lldp-reception vdom
            set lldp-transmission enable
            set role lan
            ...
        next
    end
- A notification will be shown on FortiGate B.
- Click the notification. The Security Fabric Settings page opens with all the required settings automatically configured.
- Click Apply to apply the settings, or use the following CLI commands:
    config system csf
        set status enable
        set upstream-ip 10.2.200.1
    end
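The following is an added example, not configuration from the page: it assembles the per-role interface settings above into the two-device topology the procedure describes, with FortiGate A as the upstream fabric root and FortiGate B joining through its WAN interface. The interface names, the 10.2.200.0/24 addressing, the fabric group name, the static default route, and the use of `config system global` as the "vdom" setting that interfaces inherit from (non-VDOM mode) are assumptions for the example, not taken from the page.

```text
# ---- FortiGate A (upstream, Security Fabric root) ----
# Assumption: non-VDOM mode, so the "vdom" value that interfaces inherit
# comes from config system global (in VDOM mode it is set per VDOM).
config system global
    set lldp-reception enable
    set lldp-transmission enable
end
# LAN-facing interface: transmit LLDP so downstream FortiGates can see us.
# Address 10.2.200.1 is assumed; it is what FortiGate B will use as upstream-ip.
config system interface
    edit "port2"
        set ip 10.2.200.1 255.255.255.0
        set role lan
        set lldp-reception vdom
        set lldp-transmission enable
    next
end
# Enable the fabric on the root. Group name is an assumed value.
config system csf
    set status enable
    set group-name "Office-Security-Fabric"
end

# ---- FortiGate B (downstream, joining the fabric) ----
# WAN-facing interface: receive LLDP so FortiGate A's advertisement is seen.
# Address is assumed.
config system interface
    edit "wan1"
        set ip 10.2.200.2 255.255.255.0
        set role wan
        set lldp-reception enable
        set lldp-transmission vdom
    next
end
# The notification only appears when the LLDP neighbour on the WAN interface
# is also the default gateway, so the default route must point at FortiGate A.
# Assumed static route entry.
config router static
    edit 1
        set gateway 10.2.200.1
        set device "wan1"
    next
end
# Accepting the GUI notification results in the same settings as:
config system csf
    set status enable
    set upstream-ip 10.2.200.1
end
```

Before clicking Apply on FortiGate B, confirm that the pre-filled upstream-ip is the FortiGate you intend to join: LLDP is an unauthenticated link-layer advertisement, so the prompt is a convenience for discovering the upstream device, not proof of its identity.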