FortiSwitch Managed by FortiOS 6 – Configuring the FortiSwitch management port

Configuring the FortiSwitch management port

If the FortiSwitch model has a dedicated management port, you can configure remote management to the FortiSwitch. In FortiLink mode, the FortiGate is the default gateway, so you need to configure an explicit route for the FortiSwitch management port.

Using the Web administration GUI

  1. Go to Network > Static Routes > Create New > Route.
  2. Set Destination to Subnet and enter a subnetwork and mask.
  3. Set Device to the management interface.
  4. Add a Gateway IP address.

Using the FortiSwitch CLI

Enter the following commands:

config router static edit 1 set device mgmt set gateway <router IP address> set dst <router subnet> <subnet mask>

end

end

In the following example, the FortiSwitch management port is connected to a router with IP address 192.168.0.10:

config router static edit 1 set device mgmt set gateway 192.168.0.10 set dst 192.168.0.0 255.255.0.0

end end


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

4 thoughts on “FortiSwitch Managed by FortiOS 6 – Configuring the FortiSwitch management port

  1. You are doing this for monitoring features only, correct? I was told by my Sale Engineer to not make config changes via the management port when managed by the Fortigate.

  2. I have a Fortigate 101E (5.6.5) attached to a Fortiswitch 424D (6.01) and can manage most through the Foirtigate.
    Is it possable to have the management ports avaibule on both devices or is the management port on the Fortiswitch always disabled?

    • You can make the FortiGate acesssible via physical ports on either device. Once you start controlling the FortiSwitch from the Gate you don’t really need to access that device anymore directly.

      To do this, you would need to create a software switch that includes the ports/vlans you want to be management specific. A software switch titled “MGMT-LAGG” or something like that and have the IP and access set there. Then just add the ports you want to be included. I say vlans as well because you are going to want to use vlans on the fortiswitch and just take certain ports on said switch to natively use the mgmt vlan you create. So you may use the physical MGMT port on the FortiGate as a member as well as MGMT VLAN that is native on the appropriate FortiSwitch ports. That will enable you to access gate management from either physical location. At that point though most people use loopbacks and just hit the device remotely.

Leave a Reply

Name *
Email *
Website

This site uses Akismet to reduce spam. Learn how your comment data is processed.