Welcome back to the ginger world of engineering, which has been quite a bit Forti-fied since last writing. A good bit of my $dayJob is spent enabling folks to get their FortiStuffs up and running, and it’s way past time to share some of that FortiGoodness here.
Kicking things off with a relatively simple tip, but one that FortiStarters don’t often know, changing the IP/netmask of the Switch Controller FortiLink Interface.
By default, the FortiLink interface comes with a perfectly functional 169.254.1.1/24 address and hands out DHCP addresses for switches in this scope. Perfectly functional, but non-routable ip addresses.
When you want to ping or monitor your switches individually by IP address with 3rd party tools, this non-routable ip scope becomes a no-go on accomplishing these particular tasks.
So before you start hooking up your FortiSwitches for discovery, go ahead and do your future self a favor and change the IP/Netmask to a routable IP address range, and feel free to adjust the DHCP range of your subnet if you don’t like the auto-filled in default range. Future self will thank you for your kindness*.
While you’re at it, treat yourself to a user friendly alias and a couple of interface members for redundancy. You work hard, you deserve it.
*If you decide you don’t want to trouble present self with this change, it is entirely possible to change this later with a little planning and some downtime. But, unless you and future self just love maintenance windows, why wait?
Published 09-29-2022 (screenshots featured in this post are from version 7.0.6)
Disclaimer: I am an employee of Fortinet at the time of this post, but this isn’t a corporate blog and shouldn’t be viewed as any kind of official Fortinet publication. As always, consult your SE/TAC/official documents before making any kind of changes to your network, I promise TAC will not be impressed with “@amyengineer said it was okay.” 😉