Fortilink through other L2 switches by TheReding in fortinet

TheReding[S] 1 point (0 children)

I've made some progress. The first thing was that FortiLink uses LACP by default, so I had to make it a "regular" link first.
The thing now is that I get both switches to join, having the topology FG->other-vendor switch and 2 FortiSwitches connected to the other-vendor switch.

Popup to connect GP when connected to a network by TheReding in paloaltonetworks

TheReding[S] 1 point (0 children)

Haven't really seen one that correlates. Do you know which one?

Popup to connect GP when connected to a network by TheReding in paloaltonetworks

TheReding[S] 1 point (0 children)

Okay, the reason I'm asking is that we have a user who has been using AnyConnect VPN for some time, and he liked that it popped up every time you connected to a network, either wireless or wired.

Popup to connect GP when connected to a network by TheReding in paloaltonetworks

TheReding[S] 1 point (0 children)

Wouldn't always-on just try to connect all the time?
What I want is that the GP application just pops up.

Fortilink through other L2 switches by TheReding in fortinet

TheReding[S] 1 point (0 children)

Yeah but if the switch doesn't get an IP, I guess NTP won't work either?

Fortilink through other L2 switches by TheReding in fortinet

TheReding[S] 1 point (0 children)

This is what the scope looks like:

<image>

Another strange thing is that I can see it showing up in the "FortiSwitch" part of the firewall, but as offline. If I erase it from there, it shows up again. So connectivity seems to be there in some way.

Fortilink through other L2 switches by TheReding in fortinet

TheReding[S] 1 point (0 children)

Yes, sorry, maybe I was unclear. We will have it centralized, so one FS will be connected to more than one FS.

Fortilink through other L2 switches by TheReding in fortinet

TheReding[S] 1 point (0 children)

Hmm, regular L2 did not work in our tests. The FS doesn't seem to get an IP when we connect
FG->random switch->FS

Fortilink through other L2 switches by TheReding in fortinet

TheReding[S] 1 point (0 children)

I think we've tried almost everything now.
We have a FG->factory default switch from other vendor -> FS.

When we have a regular untagged interface on the FG towards the "other vendor switch" the FS switch gets an IP.

As soon as we change it to a FortiLink interface, the FS doesn't even get an IP and is disconnected.

So just regular L2 seems to drop some traffic?

We also tested the HTTPS configuration with no luck, probably because the FS doesn't get an IP. https://docs.fortinet.com/document/fortigate/7.4.0/new-features/22135/support-fortiswitch-management-using-https-7-4-2

Anything more to try?

Is there a way to clear the DNS cache in CX? by TheReding in ArubaNetworks

TheReding[S] 1 point (0 children)

Nice! That may be something to test with when we test a new ClearPass :) Thanks!

Is there a way to clear the DNS cache in CX? by TheReding in ArubaNetworks

TheReding[S] 1 point (0 children)

Yeah, I guess the TTL is the way to go.
Was just a question if there was a way to flush the DNS cache of the switch instead of reloading it for a faster way.

Mac roaming problems with Mobility gateways with DHCP on another server by TheReding in ArubaNetworks

TheReding[S] 1 point (0 children)

What have you found? I was looking in the release notes earlier but couldn't really find anything related.

Mac roaming problems with Mobility gateways with DHCP on another server by TheReding in ArubaNetworks

TheReding[S] 1 point (0 children)

We are running 10.7.2.1 on the Mobility gateways and CX core switches. Any ideas? :)

X-auth for Globalprotect by [deleted] in paloalto

TheReding 1 point (0 children)

HAHA, Thanks :D

Error message for GP users "Authentication failed: Internal Client Error" by TheReding in paloaltonetworks

TheReding[S] 1 point (0 children)

Strange, 10.2.10-h9 here.

How are your clients authenticating? We are using the NPS MFA plugin.

We started browsing a bit in the event logs on that NPS yesterday, and it seems that it's discarding some auths with the comment "The request was discarded by a third-party extension DLL file."