Set Up FortiLink to a FortiSwitch¶

FortiLink is the management protocol that lets a FortiGate manage one or more FortiSwitches as if they were a single fabric. Once linked, FortiSwitch ports, VLANs, PoE, and STP are all configured from the FortiGate GUI — no separate switch management interface.

Before You Start¶

A FortiSwitch (e.g. 108E, 124F, 248F) reachable from the FortiGate.
The FortiSwitch is in FortiLink mode (factory default for most models, otherwise reset).
The FortiGate port that'll be the FortiLink trunk (often port5 or higher; can't be a WAN port).
The FortiSwitch's link port (typically port1 on the switch).

Topology¶

[FortiGate]  port5  =========  port1  [FortiSwitch]
              (FortiLink trunk)

Steps¶

1. Configure the FortiLink interface¶

WiFi & Switch Controller → FortiLink Interface (this menu only appears if Feature Visibility has it on).
Pick the FortiGate port to use as FortiLink. Default suggested: port5+.
Apply.

2. Physically connect¶

Plug an Ethernet cable from FortiGate's FortiLink port to the FortiSwitch's port1. The FortiSwitch should boot and auto-discover the FortiGate.

3. Authorize the FortiSwitch¶

WiFi & Switch Controller → Managed FortiSwitches — the switch appears with "Pending Authorization."
Click Authorize. Wait 1-2 minutes for sync.
After sync, the switch shows as Online and Authorized.

📸 Screenshot needed

WiFi & Switch Controller → Managed FortiSwitches list showing the authorized switch online with its model/serial.

4. Configure switch ports from the FortiGate¶

Now under WiFi & Switch Controller → FortiSwitch Ports, you see all ports on the managed switch. Click any port to configure: - VLAN assignment - PoE on/off - Speed/duplex - LLDP/CDP - 802.1X / MAC auth - Port status

CLI Equivalent¶

config system interface
edit "fortilink"
    set ip 169.254.1.1 255.255.255.0
    set allowaccess ping capwap
    set fortilink enable
next
end

# After switch joins:
config switch-controller managed-switch
edit "S108EXXXXXXXXX"
    set fsw-wan1-admin enable
next
end

Verify¶

diagnose switch-controller switch-info status
get switch-controller managed-switch

Should show your switch with State = Authorized, Connection = up.

Common Issues¶

Switch doesn't appear in Managed FortiSwitches. FortiLink interface wrong port, OR switch isn't in FortiLink mode (reset it: factory reset via console).
Switch shows Offline. Cable issue, or VLAN mismatch on FortiLink trunk.
Authorize button missing. Switch already authorized to a different FortiGate. Decommission first.
Slow first sync. Initial config push can take 2-5 minutes; subsequent changes are seconds.