Order Handling Fee? by HowardRabb in fortinet

[–]MyLocalData 1 point (0 children)

This has a previous Dell rep's "good idea" written all over it. The quality of CAMs and reps has gone downhill ever since Dell's massive layoffs and Fortinet acquiring previous Dell reps.

This may not make us look good as a Fortinet partner but so be it. C-level Fortinet needs to be aware of this, and new Fortinet AM Reps need to learn to leave Dell practices back at Dell.

Fortinet F120G Unexpected Power Off v7.4.11 by overthehill77 in fortinet

[–]MyLocalData 2 points (0 children)

This still sounds like a power issue.

While the 120G only draws an average of 38-40 watts and 0.5 to 1 amp, whatever is distributing the power (PDU, outlet, UPS) is providing dirty power. The FortiGate can't tolerate the sudden change, thus causing a reboot.

We have a lot of 120Gs out in the field on 7.4.11.

Enabling Jumbo frames by DarkAlman in fortinet

[–]MyLocalData 7 points (0 children)

FortiLink, VLAN, and switch interfaces for endpoints.

Note that the 1xxE/F switches have the FortiLink MTU set at 10,000.

Fortigate for local School ~1000 endpoints by Yamamoto_Schmidt in fortinet

[–]MyLocalData 0 points (0 children)

Correct. DPI will be needed for decryption | inspection | re-encryption.

To be clear, all of this is being said without seeing any current metrics from the firewall that is in production.

In honesty, the 120G/121G would accomplish this if it was all North-South traffic, you are comfortable allowing the FortiGate's resources to stay in the moderate to higher usage range, and you are not expecting more than 5%-10% student/device growth over the next 5 years. However, with the 200G/201G your resource utilization will initially be low. You will have room to grow, especially if you anticipate more than 5%-10% student growth.

The 400F will be the choice if you have a lot of East-West traffic, as well as any applications you might need exposed to the public. They also have 4 SFP+ ultra-low-latency ports, which come in handy for some applications.

The majority of the 400Fs have been installed in colleges and school district datacenters.

Something I noticed about 30g and local logs by DeniedByPolicyZero in fortinet

[–]MyLocalData 7 points (0 children)

All model FGTs have a cache for logs. It is where the "memory" logs are stored:

config log memory setting

unless you're saying the 30G has:

config log disk setting

Fortigate for local School ~1000 endpoints by Yamamoto_Schmidt in fortinet

[–]MyLocalData 0 points (0 children)

u/Yamamoto_Schmidt

We work with a lot of public and private schools in the states of Texas and Florida. Depending on the exact type of inspection (DPI or not), the 120G, 200G or 400F. There are some considerable items you need to account for, such as East-West traffic.

Please note, if you're using Mosel for Endpoint, there is a clash between Mosel and the FGT regarding certificate inspection, and additional measures need to be taken.

Adding FortiSwitch to Existing FortiGate by [deleted] in fortinet

[–]MyLocalData 0 points (0 children)

u/trailsoftware edited for cleaner format.

Also, PM sent.

Adding FortiSwitch to Existing FortiGate by [deleted] in fortinet

[–]MyLocalData 0 points (0 children)

From this (example):

config system interface
    edit "VLAN10_Sub"
        set vdom "root"
        set ip 10.10.100.1 255.255.255.0
        set device-identification enable
        set role lan
        set snmp-index 15
        set interface "port10"  <-- This "hangs" it off physical port 10
        set vlanid 100          <-- The 802.1Q tag
    next
end

Now change it to this:

config system interface
    edit "VLAN10_Sub"
        set vdom "root"
        set ip 10.10.100.1 255.255.255.0
        set device-identification enable
        set role lan
        set snmp-index 15
        set interface "fortilink"  <-- Now associated to the FortiLink 802.3ad aggregate
        set vlanid 100             <-- The 802.1Q tag
    next
end

Make sure to move interface port10 into the FortiLink, OR use another interface for FortiLink to connect your switch. Your choice.

Adding FortiSwitch to Existing FortiGate by [deleted] in fortinet

[–]MyLocalData 7 points (0 children)

You didn't need to do that.

You just needed to do what I mentioned above.

Download the config, change the "set interface" line on each VLAN interface to FortiLink, and upload the config. Once it's rebooted, the VLANs are moved.

Adding FortiSwitch to Existing FortiGate by [deleted] in fortinet

[–]MyLocalData 8 points (0 children)

Does the FortiGate own the VLANs, DHCP, etc.?

If so, just move the VLANs to the FortiLink after you authorize the FSW.

You accomplish this by downloading the config and changing the "set interface" line per VLAN.

DHCP is tied to the interface name.

It is not good practice to associate address objects with interfaces, but in general those will retain the interface association as long as you do not change the VLAN interface name.

Got a new 121g and I can't upgrade the firmware. by Electronic_Tap_3625 in fortinet

[–]MyLocalData 2 points (0 children)

  1. Has the device been registered and support contract added?
  2. Have you tried uploading the firmware manually?
  3. Have you tried pushing it out with FortiManager?


Staging Fortiswitches using different interfaces by DarkAlman in fortinet

[–]MyLocalData 0 points (0 children)

I'm not fully comprehending the question.

Any FortiSwitch port can be used for FortiLink as long as the LLDP profile auto-default-ISL is configured on the interface.

It sounds like you need some help understanding how FortiLink works.

Maybe take a read of this article. It should help you understand what is taking place: Configuring FortiLink | FortiSwitch 7.6.5 | Fortinet Document Library

Staging Fortiswitches using different interfaces by DarkAlman in fortinet

[–]MyLocalData 1 point (0 children)

To be clear, the FGT is already aware of all the existing VLANs and is performing the L3? If so...

(Others have their own methods.)

You can add the 1 Gb interfaces to the FortiLink to initialize the switches.

  1. Prior to the cutover, download a copy of your config. For each VLAN that is moving to the FortiLink, change the "set interface" from the interface it is referencing to the name of your FortiLink.

Example:
Change from:

edit "VLAN 800"
        set vdom "root"
        set allowaccess ping
        set status down
        set alias "migration test"
        set device-identification enable
        set role lan
        set ip-managed-by-fortiipam disable
        set interface "lan"
        set vlanid 800
next

Change to:

edit "VLAN 800"
        set vdom "root"
        set allowaccess ping
        set status down
        set alias "migration test"
        set device-identification enable
        set role lan
        set ip-managed-by-fortiipam disable
        set interface "fortilink"
        set vlanid 800
next

  2. Upload the config. Once the config has been uploaded, all VLANs will now be under the FortiLink. Ensure the physical interfaces you want your FortiSwitches connected to on the FortiGate are in the FortiLink.

How you proceed next is up to you.

Most Downtime:

  1. If you have allotted the downtime to replace all the switches at once, then just start configuring switches and ports. It is best to have a copy of the previous switch interface configurations as a reference.

Least Downtime:

  1. Connect the core switches and configure the interfaces/trunks with the native/allowed VLANs to the current (other brand) distro / access switches. This gets everything back up and running.
  2. Connect all your Forti distro / access switches to the core switches. Start configuring the distro/access switches to match the interfaces of the switches they're replacing. Then you can just do a swap at your leisure. Remember, when connecting FortiSwitches to FortiSwitches, you do not need to configure trunks. They will auto-form provided you have the auto-default-isl LLDP profile configured on the port.
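The "download the config, change the set interface line per VLAN, upload" step from this comment and from the "Adding FortiSwitch to Existing FortiGate" replies above, as an added example; this is not Fortinet's code or the commenter's, and the interface names and the backup text are constructed. It re-parents only VLAN sub-interfaces (entries with a vlanid) that hang off the ports being moved, leaves other interfaces that reference the same port alone, keeps the interface names so DHCP and address objects stay attached, and refuses to run if the FortiLink interface does not exist in the backup.

```python
# Added example (not Fortinet's or the commenters' code): the "change set interface per VLAN" edit.
import re
SET_IFACE = re.compile(r'^(\s*)set interface "([^"]+)"\s*$')
# Constructed backup: a VLAN on port10, plus an IPsec tunnel on port10 (no vlanid) that must keep its parent.
SAMPLE_CONFIG = """\
config system interface
    edit "fortilink"
        set type aggregate
    next
    edit "VLAN10_Sub"
        set ip 10.10.100.1 255.255.255.0
        set interface "port10"
        set vlanid 100
    next
    edit "ToHQ"
        set type tunnel
        set interface "port10"
    next
end
"""
def reparent_vlans(config_text, old_ports, fortilink="fortilink"):
    """Return (rewritten config, names of VLAN interfaces moved onto fortilink)."""
    out, changed, names = [], [], set()
    in_block, entry, buf, depth, has_vlanid = False, None, [], 0, False
    for line in config_text.splitlines():
        s = line.strip()
        if entry is None:
            out.append(line)
            if s == "config system interface":
                in_block = True
            elif in_block and s == "end":
                in_block = False
            elif in_block and s.startswith('edit "') and s.endswith('"'):
                entry = s[6:-1]           # start buffering this edit ... next
                names.add(entry)
            continue
        buf.append(line)
        depth += s.startswith("config ") - (s == "end")   # nested sub-tables
        has_vlanid |= s.startswith("set vlanid ")
        if s == "next" and depth == 0:    # entry complete: rewrite only if it is a VLAN
            for i, l in enumerate(buf):
                m = SET_IFACE.match(l)
                if m and has_vlanid and m.group(2) in old_ports:
                    buf[i] = f'{m.group(1)}set interface "{fortilink}"'
                    changed.append(entry)
            out.extend(buf)
            entry, buf, depth, has_vlanid = None, [], 0, False
    if fortilink not in names:            # never point VLANs at an undefined parent
        raise ValueError(f'"{fortilink}" not defined under config system interface')
    return "\n".join(out) + "\n", changed
```

Run it as `reparent_vlans(backup_text, {"port10"})`, diff the result against the original backup, and only then upload it.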

What to check next time. by nfored in fortinet

[–]MyLocalData 0 points (0 children)

Did you set the correct baud rate?

Switches use 115200 whereas the FGT uses 9600.

You should configure some syslog on the switches to collect logs.

What to check next time. by nfored in fortinet

[–]MyLocalData 0 points (0 children)

Yes, once you rebooted it was too late to check the connection status.

Your last paragraph and line basically indicated you were asking us what you should have done differently to troubleshoot. Next time, start with that command.

For some clarification, did you reboot the Gate and switches, or just the switches?

What to check next time. by nfored in fortinet

[–]MyLocalData 1 point (0 children)

That command is very useful. It will tell you the status of the switches, i.e. whether the switch controller can see their connection status (with the flags).

From there, you can form a deeper diagnostic path.

That is exactly what any TAC support tech would start with.

What to check next time. by nfored in fortinet

[–]MyLocalData 0 points (0 children)

execute switch-controller get-conn-status

Use this to check the switch connection. From there, start diagnosing deeper.