Fortinet black logo

Troubleshooting

Copy Link
Copy Doc ID daae6d6f-d2a0-11ea-96b9-00505692583a:629420
Download PDF

Troubleshooting

If the FortiGate unit does not establish the FortiLink connection with the FortiSwitch unit, perform the following troubleshooting checks.

Check the FortiGate configuration

To use the FortiGate GUI to check the FortiLink interface configuration:

  1. In Network > Interfaces, double-click the interface used for FortiLink.
  2. Ensure that Dedicated to FortiSwitch is set for this interface.

To use the FortiGate CLI to verify that you have configured the DHCP and NTP settings correctly:

  1. Verify that the NTP server is enabled and that the FortiLink interface has been added to the list:

    show system ntp

  2. Ensure that the DHCP server on the FortiLink interface is configured correctly:

    show system dhcp

Check the FortiSwitch configuration

To use FortiSwitch CLI commands to check the FortiSwitch configuration:

  1. Verify that the switch system time matches the time on the FortiGate:

    get system status

  2. Verify that FortiGate has sent an IP address to the FortiSwitch (anticipate an IP address in the range 169.254.x.x):

    get system interface

  3. Verify that you can ping the FortiGate IP address:

    execute ping x.x.x.x

To use FortiGate CLI commands to check the FortiSwitch configuration:

  1. Verify that the connections from the FortiGate to the FortiSwitch units are up:

    execute switch-controller get-conn-status

  2. Verify that ports for a specific FortiSwitch stack are connected to the correct locations:

    execute switch-controller get-physical-conn standard <FortiSwitch-Stack-ID>

  3. Verify that all the ports for a specific FortiSwitch are up:

    execute switch-controller get-conn-status <FortiSwitch-device-ID>

Check FortiSwitch connections

Use the following CLI command for detailed diagnostic information on the managed FortiSwitch connections:

execute switch-controller diagnose-connection <FortiSwitch_serial_number>

If the FortiSwitch serial number is omitted, only the FortiLink configuration is checked.

Troubleshooting

If the FortiGate unit does not establish the FortiLink connection with the FortiSwitch unit, perform the following troubleshooting checks.

Check the FortiGate configuration

To use the FortiGate GUI to check the FortiLink interface configuration:

  1. In Network > Interfaces, double-click the interface used for FortiLink.
  2. Ensure that Dedicated to FortiSwitch is set for this interface.

To use the FortiGate CLI to verify that you have configured the DHCP and NTP settings correctly:

  1. Verify that the NTP server is enabled and that the FortiLink interface has been added to the list:

    show system ntp

  2. Ensure that the DHCP server on the FortiLink interface is configured correctly:

    show system dhcp

Check the FortiSwitch configuration

To use FortiSwitch CLI commands to check the FortiSwitch configuration:

  1. Verify that the switch system time matches the time on the FortiGate:

    get system status

  2. Verify that FortiGate has sent an IP address to the FortiSwitch (anticipate an IP address in the range 169.254.x.x):

    get system interface

  3. Verify that you can ping the FortiGate IP address:

    execute ping x.x.x.x

To use FortiGate CLI commands to check the FortiSwitch configuration:

  1. Verify that the connections from the FortiGate to the FortiSwitch units are up:

    execute switch-controller get-conn-status

  2. Verify that ports for a specific FortiSwitch stack are connected to the correct locations:

    execute switch-controller get-physical-conn standard <FortiSwitch-Stack-ID>

  3. Verify that all the ports for a specific FortiSwitch are up:

    execute switch-controller get-conn-status <FortiSwitch-device-ID>

Check FortiSwitch connections

Use the following CLI command for detailed diagnostic information on the managed FortiSwitch connections:

execute switch-controller diagnose-connection <FortiSwitch_serial_number>

If the FortiSwitch serial number is omitted, only the FortiLink configuration is checked.