This article describes how to resolve the ‘system/interface/fortilink/allowaccess : cannot change allowaccess if when fortilink is enabled’ error in FortiGate/FortiManager.
If it is desired to add administrative access in FortiGate or via FortiManager, it can be possible to encounter the below error:
Scope
All FortiGate Firmware versions.
Solution
In the FortiLink interface, it is possible to allow administrative access. This error is expected behavior as FortiLink interfaces do not permit these changes.
To allow administrative access, it is necessary to enable it on the switch controller. This configuration will then be pushed to managed FortiSwitches via FortiLink.
For example, to allow SNMP or telnet, it is necessary to configure:
config switch-controller security-policy local-access
edit "{default | <policy_name>}"
set mgmt-allowaccess <options> snmp telnet
set internal-allowaccess <options> snmp telnet
next
end
Additionally, it is necessary to create a firewall policy allowing SNMP traffic between the SNMP server and the FSWs. Follow the guide below for detailed instructions: Configuring SNMP