LESSON 01: Managed Switch

Question 1

What is FortiSwitch?

Answer 1

This is Fortinet’s ethernet switch which operates at layer 2 of the OSI model.

Question 2

What OS does FortiSwitch run?

Answer 2

FortiSwitchOS

Fortiswitch OS is based on FortiOS Kernel

Question 3

What interface is used to manage FortiSwitch on a FortiGate?

Answer 3

Fortilink Interface

Question 4

What are the three (3) use cases for FortiSwitches?

Answer 4

1. Secure Access
2. Datacenter
3. Rugged

Question 5

What are the three (3) management modes for FortiSwitch?

Answer 5

1. Standalone
2. Managed Switch
3. FortiLAN Cloud

Question 6

When Fortiswitch is deployed in managed mode, what device acts as the controller?

Answer 6

The Fortigate

Question 7

Key benefits of managing FortiSwitch devices using FortiGate

Answer 7

1. Zero-Touch Provisioning
2. Secure Configuration Management
3. Centralized Provisioning and Maintenance
4. Fortiswitch Stacking

Question 8

What is zero-touch provisioning in FortiSwitch management?

Answer 8

Administrators only need to connect FortiSwitch to a FortiGate interface with FortiLink enabled. FortiGate then automatically discovers and provisions FortiSwitch.

If FortiManager is used, zero-touch provisioning can also be achieved by configuring the FortiGate settings on FortiManager.

Question 9

How is secure configuration management handled in FortiSwitch?

Answer 9

All FortiSwitch management is done on the FortiGate GUI and CLI, or on FortiManager if used. Administrators do not need to log in to FortiSwitch.

This enhances security and simplifies management.

Question 10

What does centralized provisioning and maintenance mean for FortiSwitch?

Answer 10

FortiSwitch becomes an extension of FortiGate, allowing configuration of firewall policies for FortiSwitch VLANs in the same way as FortiGate VLANs.

Authentication and authorization are also handled centrally on FortiGate or FortiManager.

Question 11

What is a FortiSwitch stack?

Answer 11

FortiGate can manage multiple FortiSwitch devices stacked in different ways to offer scalability and redundancy.

Question 12

What must be enabled on FortiGate to manage FortiSwitch stack?

Answer 12

Switch controller feature

This feature allows FortiGate to discover and manage connected FortiSwitch devices.

Question 13

What must be checked for compatibility between FortiSwitch and FortiGate?

Answer 13

FortiSwitchOS version and FortiOS version

Compatibility can be verified using the compatibility matrix available on docs.fortinet.com.

Question 14

Is the switch controller feature enabled by default on all FortiGate models?

Answer 14

No, it is not enabled by default on FortiGate VM models

Most other FortiGate models have this feature enabled by default.

Question 15

How can the switch controller feature be enabled on FortiGate VM models?

Answer 15

By running specific CLI commands

These commands are provided on the relevant slide.

Question 16

Where can you find the related switch controller settings after enabling the feature?

Answer 16

Under the WiFi & Switch Controller section in the GUI

If not visible, check the Feature Visibility page.

Question 17

What should you do if the GUI settings for switch controller are not displayed?

Answer 17

Ensure the Switch Controller feature is enabled on the Feature Visibility page

This step is crucial for accessing the settings.

Question 18

What is the default VLAN assigned for switch management traffic?

Answer 18

VLAN 4094

VLAN 4094 is configured as the native VLAN on various links.

Question 19

What type of traffic is exchanged untagged on switches?

Answer 19

Switch management traffic

This traffic is assigned to VLAN 4094 by default.

Question 20

What is VLAN 4094 configured as on the FortiLink trunk?

Answer 20

The native VLAN

It is also configured as the native VLAN on inter-switch links (ISLs) and inter-chassis links (ICLs).

Question 21

What are ISLs and ICLs

Answer 21

Inter-switch links (ISLs) and inter-chassis links (ICLs)

VLAN 4094 is the native VLAN for both ISLs and ICLs.

Question 22

True or False: VLAN 4094 is not used for inter-chassis links.

Answer 22

False

VLAN 4094 is used as the native VLAN for inter-chassis links (ICLs).

Question 23

What is the factory default FortiLink interface named in FortiGate devices that support the switch controller feature?

Answer 23

fortilink

This interface is located in the root VDOM.

Question 24

What type of interface is the default FortiLink interface?

Answer 24

link aggregation group (LAG) interface

No LAG members are assigned by default.

Question 25

What roles does FortiGate perform for the managed switches by default?

Answer 25

default gateway, DHCP server, DNS server, NTP server ## Footnote FortiGate provides these services automatically.

Question 26

What must be done before managing switches that FortiGate discovers by default?

Answer 26

Authorize the switches ## Footnote Alternatively, devices can be automatically authorized.

Question 27

What is the consequence of disabling the FortiLink split interface when connecting to switches?

Answer 27

You lose management of one or more switches ## Footnote This occurs if the switches do not support MCLAG.

Question 28

Fill in the blank: The default FortiLink interface requires the administrator to _______ the LAG members manually.

Answer 28

add ## Footnote This is necessary because no members are assigned by default.

Question 29

What protocol does FortiGate use by default for switch discovery?

Answer 29

FortiLink ## Footnote FortiLink discovery frames include the switch serial number and port information.

Question 30

What information is included in FortiLink discovery frames?

Answer 30

Switch serial number and port information ## Footnote Only specific ports send FortiLink discovery frames in standalone mode.

Question 31

Which alternative switch discovery method can be used alongside FortiLink?

Answer 31

LLDP ## Footnote LLDP is used for setting up switch stacks and automatically configuring trunk links.

Question 32

What does LLDP enable when setting up a switch stack?

Answer 32

Automatic configuration of links as trunks (auto-ISL) ## Footnote This feature simplifies the setup of multi-switch environments.

Question 33

What is the role of CAPWAP in FortiGate's management of FortiSwitch devices?

Answer 33

Switch authentication, authorization, and health checks ## Footnote CAPWAP establishes a DTLS tunnel for secure communication.

Question 34

What type of tunnel does CAPWAP establish between FortiGate and the switch?

Answer 34

Datagram Transport Layer Security (DTLS) tunnel ## Footnote This tunnel secures the communication for authentication and health checks.

Question 35

What additional information does FortiSwitch send to FortiGate using CAPWAP?

Answer 35

LLDP neighbor information and switch logs ## Footnote This helps in monitoring and managing the switch more effectively.

Question 36

Why is the use of NTP important for FortiGate and FortiSwitch?

Answer 36

To ensure that the time is in sync; otherwise, the CAPWAP DTLS tunnel won’t be established.

Question 37

What happens if the time on FortiGate and FortiSwitch is not in sync?

Answer 37

The CAPWAP DTLS tunnel won’t be established and the switch won’t come online.

Question 38

What is the default firmware upgrade method on a managed switch?

Answer 38

https

Question 39

What protocol does Foritgate use to inform FortiSwitch of its Authorization?

Answer 39

Fortilink

Question 40

What FortiSwitchOS CLI setting controls the automatic broadcast of FortiLink discovery frames on a switch?

Answer 40

"auto-discovery-fortilink"

Question 41

What happens to the switch configuration when a switch in standalone mode is authorized?

Answer 41

The switch configuration is saved locally before changing to FortiLink mode ## Footnote This allows for restoration of the previous configuration if the management mode is changed back to standalone.

Question 42

Where is the configuration for a managed switch stored?

Answer 42

On FortiGate, as part of the FortiOS configuration file ## Footnote This includes configuration revisions and backups made by the administrator.

Question 43

How is the configuration pushed to a managed switch from FortiGate?

Answer 43

Using the FortiSwitch REST API ## Footnote The push follows an asynchronous model.

Question 44

What is the consequence of making configuration changes directly on the switch?

Answer 44

Configuration changes made directly on the switch are not synced to FortiGate and may be lost ## Footnote Therefore, making changes directly on the switch is not recommended.

Question 45

How does FortiGate handle configuration pushes for a managed switch after authorization?

Answer 45

FortiGate pushes the complete configuration only once after switch authorization, then only the delta configuration for changes made by the administrator ## Footnote Delta configuration refers to only the changes made since the last push.

Question 46

What triggers FortiGate to push delta configuration to a switch?

Answer 46

When the switch status changes from offline to online, provided there were changes made while it was offline ## Footnote Status changes can occur due to reboot, firmware upgrade, or network disconnection.

Question 47

What is the benefit of FortiGate pushing configuration to multiple managed switches at the same time?

Answer 47

Improves performance and scalability ## Footnote This allows for efficient management of multiple switches.

Question 48

What protocol does FortiSwitch use to export logs to Fortigate?

Answer 48

CAPWAP

Question 49

What is the default log severity level used by FortiSwitch to export logs to Fortigate?

Answer 49

Information