Fortinet black logo

Introduction

Copy Link
Copy Doc ID daae6d6f-d2a0-11ea-96b9-00505692583a:173258
Download PDF

Introduction

This section provides information about how to set up and configure managed FortiSwitch units using the FortiGate unit (termed “using FortiSwitch in FortiLink mode”).

NOTE: FortiLink is not supported in transparent mode.

The maximum number of supported FortiSwitch units depends on the FortiGate model:

FortiGate Model Range Number of FortiSwitch Units Supported
FortiGate 91E, FortiGate-VM01 8
FortiGate 6xE, 8xE, 90E 16
FortiGate 100D, FortiGate-VM02 24
FortiGate 100E, 100EF, 101E, 140E, 140E-POE 32
FortiGate 200E, 201E 64
FortiGate 300D to 500D 48
FortiGate 300E to 500E 72
FortiGate 600D to 900D and FortiGate-VM04 64
FortiGate 600E to 900E 96
FortiGate 1000D to 15xxD 128
FortiGate 1100E to 25xxE 196
FortiGate-3xxx and up and FortiGate-VM08 and up 300

Supported models

Refer to the FortiLink Compatibility table to find which FortiSwitchOS versions support which FortiOS versions.

Note

New models (NPI releases) might not support FortiLink. Contact Customer Service & Support to check support for FortiLink.

Support of FortiLink features

The following table lists the FortiSwitch models supported by FortiLink features.

FortiLink Features FortiSwitch Models

Centralized VLAN Configuration

D-series, E-series

Switch POE Control

D-series, E-series

Link Aggregation Configuration

D-series, E-series

Spanning Tree Protocol (STP)

D-series, E-series

LLDP/MED

D-series, E-series

IGMP Snooping

Not supported on FSR-112D-POE

802.1x Authentication (Port-based, MAC-based, MAB)

D-series, E-series

Syslog Collection

D-series, E-series

DHCP Snooping

D-series, E-series

Device Detection

D-series, E-series

Support FortiLink FortiGate in HA Cluster

D-series, E-series

LAG support for FortiLink Connection

D-series, E-series

Active-Active Split MLAG from FortiGate to FortiSwitch units for Advanced Redundancy

Not supported on FS-1xx Series

sFlow

Not supported on FS-1xxE Series

Dynamic ARP Inspection (DAI)

D-series, E-series

Port Mirroring

D-series, E-series

RADIUS Accounting Support

Not supported on FS-1xxE Series

Centralized Configuration

D-series, E-series

Access VLAN

D-series, E-series

STP BDPU Guard, Root Guard, Edge Port

D-series, E-series

Loop Guard

D-series, E-series

Switch admin Password

D-series, E-series

Storm Control

D-series, E-series

802.1x-Authenticated Dynamic VLAN Assignment

D-series, E-series

Host Quarantine on Switch Port

D-series, E-series

QoS

Not supported on FS-1xxE Series or FSR-112D-POE

Centralized Firmware Management

D-series, E-series

Automatic network detection and configuration

D-series, E-series

Dynamic VLAN assignment by group name

D-series, E-series

Sticky MAC addresses

D-series, E-series

NetFlow and IPFIX flow tracking and export

D-series, E-series

FortiSwitch split ports

FS-524D, FS-524D-FPOE, FS-548D, FS-548D-FPOE, FS-1048E, FS-3032D

Encapsulated remote switched port analyzer (ERSPAN)

FS-2xx and higher

MSTP instances

NOTE: In FortiLink mode, the FortiGate unit supports 1-14 instances for all platforms.

D-series, E-series

QoS statistics

D-series, E-series

Configuring SNMP through FortiLink

D-series, E-series

IPv4 source guard

FSR-124D, FS-224D-FPOE, FS-248D, FS-424D-POE, FS-424D-FPOE, FS-448D-POE, FS-448D-FPOE, FS-424D, FS-448D, and FS-2xxE

Integrated FortiGate network access control (NAC) function

D-series, E-series

FortiGuard IoT identification

D-series, E-series

Point-to-point layer-2 network supported

Not supported on FS-108E, FS-108E-POE, FS-108E-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-148E, and FS-148E-POE

Dynamic detection of LLDP neighbor devices

D-series, E-series

Explicit congestion notification (ECN)

FS-1024D, FS-1048D, FS-1048E, FS-3032D, FS-3032E, FS-4xxE, and FS-5xxD

Aggregation mode selection for trunk members

D-series, E-series

Multiple attribute values sent in a RADIUS Access-Request

D-series, E-series

PTP transparent-clock mode

FS-1048E, FS-224D, FS-224E, FS-3032D, FS-3032E, FS-424D, FS-4xxE, and FS-5xxD

Rapid PVST interoperation

D-series, E-series

Support of matching EMS tags in NAC policies

D-series, E-series

Flash port LEDs

D-series, E-series

Cable diagnostics

Not supported on FSR-112D-POE, FS-1024D, FS-1048D, FS-1048E, FS-3032D, or FS-3032E

Automated detection and recommendations

D-series, E-series

Before you begin

Before you configure the managed FortiSwitch unit, the following assumptions have been made in the writing of this manual:

  • You have completed the initial configuration of the FortiSwitch unit, as outlined in the QuickStart Guide for your FortiSwitch model, and you have administrative access to the FortiSwitch GUI and CLI.
  • You have installed a FortiGate unit on your network and have administrative access to the FortiGate GUI and CLI.

How this guide is organized

This guide contains the following sections:

Introduction

This section provides information about how to set up and configure managed FortiSwitch units using the FortiGate unit (termed “using FortiSwitch in FortiLink mode”).

NOTE: FortiLink is not supported in transparent mode.

The maximum number of supported FortiSwitch units depends on the FortiGate model:

FortiGate Model Range Number of FortiSwitch Units Supported
FortiGate 91E, FortiGate-VM01 8
FortiGate 6xE, 8xE, 90E 16
FortiGate 100D, FortiGate-VM02 24
FortiGate 100E, 100EF, 101E, 140E, 140E-POE 32
FortiGate 200E, 201E 64
FortiGate 300D to 500D 48
FortiGate 300E to 500E 72
FortiGate 600D to 900D and FortiGate-VM04 64
FortiGate 600E to 900E 96
FortiGate 1000D to 15xxD 128
FortiGate 1100E to 25xxE 196
FortiGate-3xxx and up and FortiGate-VM08 and up 300

Supported models

Refer to the FortiLink Compatibility table to find which FortiSwitchOS versions support which FortiOS versions.

Note

New models (NPI releases) might not support FortiLink. Contact Customer Service & Support to check support for FortiLink.

Support of FortiLink features

The following table lists the FortiSwitch models supported by FortiLink features.

FortiLink Features FortiSwitch Models

Centralized VLAN Configuration

D-series, E-series

Switch POE Control

D-series, E-series

Link Aggregation Configuration

D-series, E-series

Spanning Tree Protocol (STP)

D-series, E-series

LLDP/MED

D-series, E-series

IGMP Snooping

Not supported on FSR-112D-POE

802.1x Authentication (Port-based, MAC-based, MAB)

D-series, E-series

Syslog Collection

D-series, E-series

DHCP Snooping

D-series, E-series

Device Detection

D-series, E-series

Support FortiLink FortiGate in HA Cluster

D-series, E-series

LAG support for FortiLink Connection

D-series, E-series

Active-Active Split MLAG from FortiGate to FortiSwitch units for Advanced Redundancy

Not supported on FS-1xx Series

sFlow

Not supported on FS-1xxE Series

Dynamic ARP Inspection (DAI)

D-series, E-series

Port Mirroring

D-series, E-series

RADIUS Accounting Support

Not supported on FS-1xxE Series

Centralized Configuration

D-series, E-series

Access VLAN

D-series, E-series

STP BDPU Guard, Root Guard, Edge Port

D-series, E-series

Loop Guard

D-series, E-series

Switch admin Password

D-series, E-series

Storm Control

D-series, E-series

802.1x-Authenticated Dynamic VLAN Assignment

D-series, E-series

Host Quarantine on Switch Port

D-series, E-series

QoS

Not supported on FS-1xxE Series or FSR-112D-POE

Centralized Firmware Management

D-series, E-series

Automatic network detection and configuration

D-series, E-series

Dynamic VLAN assignment by group name

D-series, E-series

Sticky MAC addresses

D-series, E-series

NetFlow and IPFIX flow tracking and export

D-series, E-series

FortiSwitch split ports

FS-524D, FS-524D-FPOE, FS-548D, FS-548D-FPOE, FS-1048E, FS-3032D

Encapsulated remote switched port analyzer (ERSPAN)

FS-2xx and higher

MSTP instances

NOTE: In FortiLink mode, the FortiGate unit supports 1-14 instances for all platforms.

D-series, E-series

QoS statistics

D-series, E-series

Configuring SNMP through FortiLink

D-series, E-series

IPv4 source guard

FSR-124D, FS-224D-FPOE, FS-248D, FS-424D-POE, FS-424D-FPOE, FS-448D-POE, FS-448D-FPOE, FS-424D, FS-448D, and FS-2xxE

Integrated FortiGate network access control (NAC) function

D-series, E-series

FortiGuard IoT identification

D-series, E-series

Point-to-point layer-2 network supported

Not supported on FS-108E, FS-108E-POE, FS-108E-FPOE, FS-124E, FS-124E-POE, FS-124E-FPOE, FS-148E, and FS-148E-POE

Dynamic detection of LLDP neighbor devices

D-series, E-series

Explicit congestion notification (ECN)

FS-1024D, FS-1048D, FS-1048E, FS-3032D, FS-3032E, FS-4xxE, and FS-5xxD

Aggregation mode selection for trunk members

D-series, E-series

Multiple attribute values sent in a RADIUS Access-Request

D-series, E-series

PTP transparent-clock mode

FS-1048E, FS-224D, FS-224E, FS-3032D, FS-3032E, FS-424D, FS-4xxE, and FS-5xxD

Rapid PVST interoperation

D-series, E-series

Support of matching EMS tags in NAC policies

D-series, E-series

Flash port LEDs

D-series, E-series

Cable diagnostics

Not supported on FSR-112D-POE, FS-1024D, FS-1048D, FS-1048E, FS-3032D, or FS-3032E

Automated detection and recommendations

D-series, E-series

Before you begin

Before you configure the managed FortiSwitch unit, the following assumptions have been made in the writing of this manual:

  • You have completed the initial configuration of the FortiSwitch unit, as outlined in the QuickStart Guide for your FortiSwitch model, and you have administrative access to the FortiSwitch GUI and CLI.
  • You have installed a FortiGate unit on your network and have administrative access to the FortiGate GUI and CLI.

How this guide is organized

This guide contains the following sections: