FortiSwitch Managed by FortiOS 6 – Configuring the FortiSwitch management port

Configuring the FortiSwitch management port

If the FortiSwitch model has a dedicated management port, you can configure remote management to the FortiSwitch. In FortiLink mode, the FortiGate is the default gateway, so you need to configure an explicit route for the FortiSwitch management port.

Using the Web administration GUI

  1. Go to Network > Static Routes > Create New > Route.
  2. Set Destination to Subnet and enter a subnetwork and mask.
  3. Set Device to the management interface.
  4. Add a Gateway IP address.

Using the FortiSwitch CLI

Enter the following commands:

config router static
    edit 1
        set device mgmt
        set gateway <router IP address>
        set dst <router subnet> <subnet mask>
    next
end

In the following example, the FortiSwitch management port is connected to a router with IP address 192.168.0.10:

config router static
    edit 1
        set device mgmt
        set gateway 192.168.0.10
        set dst 192.168.0.0 255.255.0.0
    next
end
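
The following check is an added example, not part of the original guide or of any Fortinet tooling. It parses a "config router static" block, such as one copied from a configuration backup, and flags entries whose device, gateway or destination is malformed before they are applied to the management port. The sample text is constructed, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample: the route from the example above plus one deliberately
# malformed entry (host bits set in dst) to show what the check catches.
SAMPLE = """
config router static
    edit 1
        set device mgmt
        set gateway 192.168.0.10
        set dst 192.168.0.0 255.255.0.0
    next
    edit 2
        set device mgmt
        set gateway 10.0.0.1
        set dst 10.1.2.3 255.255.255.0
    next
end
"""

def parse_static_routes(text):
    """Return {entry_id: {setting: [values]}} from a 'config router static' block."""
    routes, current = {}, None
    for line in text.splitlines():
        words = shlex.split(line)
        if not words:
            continue
        if words[0] == "edit" and len(words) == 2:
            current = routes.setdefault(words[1], {})
        elif words[0] == "set" and current is not None and len(words) >= 3:
            current[words[1]] = words[2:]
        elif words[0] in ("next", "end"):
            current = None  # leave the current entry
    return routes

def check_route(route):
    """Return a list of problems found in one parsed route entry."""
    problems = []
    if route.get("device") != ["mgmt"]:
        problems.append("device is not mgmt")
    try:
        ipaddress.IPv4Address(route.get("gateway", [""])[0])
    except ValueError:
        problems.append("gateway is not a valid IPv4 address")
    try:  # strict=True rejects a dst that has host bits set for its mask
        ipaddress.IPv4Network("/".join(route.get("dst", [])), strict=True)
    except ValueError:
        problems.append("dst is not a network address for its mask")
    return problems
```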


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

5 thoughts on “FortiSwitch Managed by FortiOS 6 – Configuring the FortiSwitch management port”

  1. Rick

    You are doing this for monitoring features only, correct? I was told by my Sales Engineer to not make config changes via the management port when managed by the Fortigate.

  2. Steve Long

    I have a Fortigate 101E (5.6.5) attached to a Fortiswitch 424D (6.01) and can manage most through the Fortigate.
    Is it possible to have the management ports available on both devices or is the management port on the Fortiswitch always disabled?

    1. Mike Post author

      You can make the FortiGate accessible via physical ports on either device. Once you start controlling the FortiSwitch from the Gate you don’t really need to access that device anymore directly.

      To do this, you would need to create a software switch that includes the ports/vlans you want to be management specific. A software switch titled “MGMT-LAGG” or something like that and have the IP and access set there. Then just add the ports you want to be included. I say vlans as well because you are going to want to use vlans on the fortiswitch and just take certain ports on said switch to natively use the mgmt vlan you create. So you may use the physical MGMT port on the FortiGate as a member as well as MGMT VLAN that is native on the appropriate FortiSwitch ports. That will enable you to access gate management from either physical location. At that point though most people use loopbacks and just hit the device remotely.

      1. Sumer Singh

        Dear Mike,
        Thanks for your efforts. I need to enable SNMP & traps on my FortiSwitches. When I access the FortiSwitch via the FortiGate, I am unable to find the SNMP command to configure. I am avoiding configuring the FortiSwitch locally as it is not recommended. Fortigate OS 5.6.7 and Fortiswitch 6.2.1.
