Ahmedaz
Visitor III
May 26, 2024
Question

Aggregate Down in Active and Passive Firewall


Hello Engineers.

I have this Fortinet configuration in HA active-passive mode. An aggregate was configured with port3 and port4 on the Fortinet side, and on each Huawei switch, which is in stack mode, an 802.3ad LACP with two ports was created.

The LACP on the switch side always shows up, but on the Fortinet side it always shows the LACP as down on both the active and passive firewalls. When I run diag net aggr name Lacp_SW, the status is down on both of them.

I would like to ask for your help: is this behavior normal, where the active and passive always look down?

Thanks 

1 reply

ozkanaltas
Valued Contributor III
May 26, 2024

Hello @Ahmedaz,

This is not normal. You can troubleshoot the LACP issue with this document. Sometimes you need some custom configuration on the switch side, like the LACP mode.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Initial-troubleshooting-steps-for-LACP-Link/ta-p/198339

Ahmedaz
Visitor III
May 26, 2024

Hello @ozkanaltas 

Thanks for the reply. Now the active one shows that the aggregate is UP, but on the passive one it is still DOWN.

ozkanaltas
Valued Contributor III
May 26, 2024

Hello @Ahmedaz,

This is normal behavior. Passive units share the same MAC address as the master unit, always stay in standby mode, and can't respond to LACP packets.

If you want to find out whether it's working or not, you can fail over your firewall. After the failover process, LACP should work on the 2nd unit.

You can also review LACP topologies at this link.

https://community.fortinet.com/t5/Support-Forum/Aggregate-Down-in-Passive-Firewall/m-p/206991#M190904