Aggregate Down in Passive Firewall

Question

Hello Guys

I have this Fortinet configuration with HA active-passive mode, and an aggregate was configured with port3 and port4 on the fortinet side and in each Mellanox Switch that is in mlag mode (VPC in Cisco), an 802.3ad LACP with two ports was created (swp41,swp42) with a clag id.

The LACP on the Switch side always shows up, but on the fortinet side, it always shows us down the lacp in the Passive Firewall when I run a diag net aggr name Lacp_Spine the status is down, but the active one is always up.

I would like to ask you for help if this behavior is normal, where the passive always looks down.

Thanks

AlexC-FTNT · Accepted Answer

What you have there is not a supported configuration. The HA is designed as redundancy, not for link aggregation among all members. The MAC address is the same among both members so LACP will not form like that. Please read more:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Aggregate-link-configuration-topologies-in-a-High/ta-p/200980
https://community.fortinet.com/t5/FortiGate/Technical-Tip-High-availability-basic-deployment-design/ta-p/196942
https://community.fortinet.com/t5/FortiGate/Technical-Tip-LACP-behavior-in-an-HA-cluster/ta-p/195163
https://community.fortinet.com/t5/FortiGate/Technical-Note-FortiGate-HA-A-P-Active-Passive-cluster-connected/ta-p/194655?externalID=FD31396

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded