Managed FortiSwitch OS 3.6.0 (FortiOS 5.6)

Managed FortiSwitch OS 3.6.0 (FortiOS 5.6)

New managed FortiSwitch features added to FortiOS 5.6 if the FortiSwitch is running FortiSwitch OS 3.6.0.

IGMP snooping (387515)

The GUI and CLI support the ability to configure IGMP snooping for managed switch ports.

To enable IGMP snooping from the GUI, go to WiFi & Switch Controller > FortiSwitch VLANs, edit a VLAN and turn on IGMP Snooping under Networked Devices.

From the CLI, start by enabling IGMP snooping on the FortiGate:

config switch-controller igmp-snooping set aging-time <int>

set flood-unknown-multicast (enable | disable)


Then enable IGMP snooping on a VLAN:

config system interface edit <vlan> set switch-controller-igmp-snooping (enable | disable)


Use the following command to enable IGMP snooping on switch ports, and to override the global parameters for a specific switch.

config switch-controller managed-switch edit <switch> config ports edit port <number> set igmp-snooping (enable | disable) set igmps-flood-reports (enable | disable)


config igmp-snooping globals set aging-time <int>

set flood-unknown-multicast (enable | disable)




User-port link aggregation groups (378470)

The GUI now supports the ability to configure user port LAGs on managed FortiSwitches.

To create a link aggregation group for FortiSwitch user ports:


1. Go to WiFi & Switch Controller > FortiSwitch Ports

  1. Click Create New > Trunk.
  2. In the New Trunk Group page:
    1. Enter a name for the trunk group
    2. Select two or more physical ports to add to the trunk group
    3. Select the mode: Static, Passive LACP, or Active LACP
  3. Click OK.

DHCP blocking, STP, and loop guard on managed FortiSwitch ports (375860)

The managed FortiSwitch GUI now supports the ability to enable/disable DHCP blocking, STP and loop guard for FortiSwitch user ports.

Go to to WiFi & Switch Controller > FortiSwitch Ports. For any port you can select DHCP Blocking, STP, or Loop Guard. STP is enabled on all ports by default. Loop guard is disabled by default on all ports.

Switch profile enhancements (387398)

Defaults switch profiles are bound to every switch discovered by the FortiGate. This means that an administrator can establish a password for this profile or create a new profile and bind that profile to any switch. Consquently, the password provided shall be configured on the FortiSwitch against the default “admin” account already present.

Number of switches per FortiGate based on model (388024)

The maximum number of supported FortiSwitches depends on the FortiGate model:


FortiGate Model Range

Number of FortiSwitches Supported

Up to FortiGate-98 and FortiGate-VM01                                8

FortiGate-00 to 280 and FortiGate-VM02                              24

FortiGate-300 to 5xx                                                           48

FortiGate-600 to 900 and FortiGate-VM04                             64

FortiGate-000 and up                                                         128

FortiGate-3xxx and up, and FortiGate-VM08 and up               256

Miscellanous configuration option changes

  • The default value of dhcp-Snooping (also called DHCP-blocking) is changed from trusted in FortiOS 5.4 to untrusted in FortiOS 5.6.
  • The default value of edge-port is changed from disabled in FortiOS 5.4 to enabled in FortiOS 5.6.0.

FortiView (5.6.1)

Additional GUI support

  • Link aggregation of FortiSwitch ports l DHCP trusted/untrusted, loop guard, and STP for FortiSwitch ports l Connect to CLI support for FortiSwitch

Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU