Managed FortiSwitch Troubleshooting

Troubleshooting

Troubleshooting FortiLink issues

If the FortiGate does not establish the FortiLink connection with the FortiSwitch, perform the following troubleshooting checks.

Check the FortiGate configuration

To use the FortiGate GUI to check the FortiLink interface configuration:

  1. In Network > Interfaces, double-click the interface used for FortiLink.
  2. Ensure that Dedicated to FortiSwitch is set for this interface.

To use the FortiGate CLI to verify that you have configured the DHCP and NTP settings correctly:

  1. Verify that the NTP server is enabled and that the FortiLink interface has been added to the list:

show system ntp

  1. Ensure that the DHCP server on the Fortilink interface is configured correctly:

show system dhcp

Check the FortiSwitch configuration

To use FortiSwitch CLI commands to check the FortiSwitch configuration:

  1. Verify that the switch system time matches the time on the FortiGate:

get system status

  1. Verify that FortiGate has sent an IP address to the FortiSwitch (anticipate an IP address in the range 169.254.x.x):

get system interfaces

  1. Verify that you can ping the FortiGate IP address:

exec ping x.x.x.x

To use FortiGate CLI commands to check the FortiSwitch configuration:

  1. Verify that the connections from the FortiGate to the FortiSwitch units are up:

exec switch-controller get-conn-status

  1. Verify that ports for a specific FortiSwitch stack are connected to the correct locations:

exec switch-controller get-physical-conn <FortiSwitch-Stack-ID>

  1. Verify that all the ports for a specific FortiSwitch are up:

exec switch-controller get-conn-status <FortiSwitch-device-ID>

Check FortiSwitch connections

Use the following CLI command for detailed diagnostic information on the managed FortiSwitch connections: execute switch-controller diagnose-connection <FortiSwitch_serial_number>

If the FortiSwitch serial number is omitted, only the FortiLink configuration is checked.

This entry was posted in Administration Guides, FortiOS 6, FortiSwitch on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.