When FortiSwitches are operating in FortiLink mode, they are managed through the FortiGate and may not be directly reachable by the Auvik collector.
In these environments, Auvik can collect switch inventory, interface, and topology information through the FortiOS REST API on the FortiGate.
This functionality is supported on FortiOS 6.0 and later releases.
Note: Auvik communicates with the FortiGate and retrieves FortiSwitch information through the FortiLink relationship. Direct connectivity to the FortiSwitch is not required.
Information Collected from FortiSwitches
When the FortiOS REST API is configured, Auvik can collect information including:
Device Information
- Model
- Hostname
- IP address
- Serial number
- Operating system version
- Up/Down status
- Uptime
Interface Information
- Interface name
- Interface type
- MAC address
- Interface status
- Interface speed
- VLAN assignments
- Peer interface information
Traffic Statistics
- Inbound and outbound octets
- Inbound and outbound unicast traffic
- Inbound and outbound broadcast traffic
- Inbound and outbound multicast traffic
- Inbound and outbound errors
- Inbound and outbound discards
Switching Information
- MAC forwarding table
LLDP Discovery
Auvik can also collect LLDP topology information through the FortiGate CLI when login credentials are configured and CLI access is enabled.
Using both REST API and CLI credentials provides the most complete visibility into FortiLink-connected switches.
Configure the FortiGate
To allow Auvik to access FortiSwitch information, you must:
- Create an API administrator profile.
- Create a REST API administrator.
- Add the API credentials to Auvik.
Create an Admin Profile
- Log in to the FortiGate.
- Navigate to System > Admin Profiles.
- Click Create New.
- Enter a profile name.
Configure the following permissions:
| Category | Permission |
|---|---|
| Firewall | Custom > Address = Read |
| Network | Configuration = Read |
| Network | Router = Read |
| System | Configuration = Read |
| WiFi & Switch Controller | Read |
- Click OK.
Note: These permissions provide sufficient access for Auvik to collect FortiSwitch information without granting administrative control.
Create a REST API Administrator
- Navigate to System > Administrators.
- Click Create New > REST API Admin.
- Enter a username.
- Select the admin profile created above.
- Disable PKI Group unless required by your environment.
Trusted Hosts
Configure Trusted Hosts to allow the Auvik collector.
Use the collector IP address in CIDR format.
Example:
192.168.1.10/32
Recommendation: Use /32 whenever possible rather than broader ranges to limit API access to the collector only.
CORS Allow Origin
CORS configuration is not typically required when the collector is located within the local network.
- Click OK.
The API token is displayed.
Important: Copy the API token immediately. The token cannot be viewed again after the window is closed.
- Store the token securely.
- Click Close.
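The Trusted Hosts recommendation above can be checked before saving the REST API administrator. The following is an added example, not part of the original article or of any Auvik or Fortinet tooling: it reviews a list of Trusted Hosts entries against the collector IP and flags anything broader than a single host. The function name and sample entries are constructed for illustration, and accepting the address-plus-netmask spelling is an assumption about how the entries were written down.

```python
import ipaddress


def audit_trusted_hosts(entries, collector_ip):
    """Review Trusted Hosts entries against a single collector IP.

    entries: strings in CIDR form ("192.168.1.10/32") or in
    "address netmask" form ("192.168.1.10 255.255.255.255").
    Returns (collector_allowed, findings), where findings is a list of
    (entry, reason) tuples for entries that should be corrected.
    """
    collector = ipaddress.ip_address(collector_ip)
    allowed = False
    findings = []
    for raw in entries:
        # Normalise "addr mask" to "addr/mask"; CIDR strings pass through.
        text = "/".join(raw.split())
        try:
            iface = ipaddress.ip_interface(text)
        except ValueError:
            findings.append((raw, "not a valid address or CIDR"))
            continue
        net = iface.network
        if net.version == collector.version and collector in net:
            allowed = True
        if net.prefixlen == 0:
            findings.append((raw, "matches every address"))
        elif net.prefixlen < net.max_prefixlen:
            findings.append(
                (raw, f"covers {net.num_addresses} addresses, not only the collector"))
        elif iface.ip != collector:
            findings.append((raw, "single host that is not the collector"))
    if not allowed:
        findings.append((collector_ip, "collector is not covered by any entry"))
    return allowed, findings


# Constructed sample input: one correct entry and three that need attention.
SAMPLE_ENTRIES = [
    "192.168.1.10/32",
    "10.0.0.0 255.255.255.0",
    "0.0.0.0/0",
    "192.168.1.300/32",
]
COLLECTOR_IP = "192.168.1.10"

if __name__ == "__main__":
    ok, issues = audit_trusted_hosts(SAMPLE_ENTRIES, COLLECTOR_IP)
    print("collector allowed:", ok)
    for entry, reason in issues:
        print(f"  {entry}: {reason}")
```

An empty findings list with the collector allowed means the token is usable only from the collector address.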
Add the API Credentials to Auvik
Before creating the credential, determine:
- The management IP address of the FortiGate
- The HTTPS port used for management access (default: 443)
Important: If the wrong management IP address is configured, repeated authentication failures may trigger FortiGate security protections and temporarily block access attempts.
To add the credential:
- Navigate to Discovery > Manage Credentials.
- Select Device API Credentials.
- Click Add Device API Credentials > Fortinet.
Enter:
| Field | Description |
|---|---|
| Name | Description used within Auvik |
| Device | FortiGate management IP address |
| API Key | API token created above |
| Port | HTTPS management port (default: 443) |
- Click Test Connection.
- Verify the test succeeds.
- Click Save.
Verify Discovery
After the credential has been added:
- Allow Auvik time to perform discovery and polling.
- Verify that FortiSwitch devices appear in inventory.
- Confirm interface and topology information is being collected.
Depending on the number of FortiSwitches and the polling schedule, it may take several minutes before all information appears.
Troubleshooting
Test Connection Fails
Verify:
- The FortiGate management IP address is correct.
- HTTPS access is enabled.
- TCP port 443 (or the configured management port) is reachable from the collector.
- The API token was copied correctly.
- The collector IP is included in Trusted Hosts.
FortiSwitches Are Not Appearing
Verify:
- The switches are operating in FortiLink mode.
- The switches are managed by the FortiGate.
- The FortiGate can see the FortiSwitches in the FortiLink inventory.
- The API account has the required permissions.
Missing Topology Information
Verify:
- Login credentials have been configured in Auvik.
- CLI access is enabled.
- LLDP is enabled where appropriate.
REST API collection provides switch inventory and interface information, while CLI access may be required for additional topology data.
Additional Information
For the most complete FortiSwitch monitoring experience:
- Configure FortiOS REST API credentials.
- Configure FortiGate login credentials for CLI access.
- Ensure FortiLink is operating normally.
- Restrict API access using Trusted Hosts.
This combination provides inventory, interface statistics, switching information, and topology visibility for FortiLink-managed environments.
For more information on the FortiOS REST API, see: https://fndn.fortinet.net/index.php?/fortiapi/1-fortios/92/