thund31
New Member
August 31, 2020
Solved

fortigate 200D aggregate interfaces?

  • August 31, 2020
  • 3 replies
  • 7835 views

Just got an old fortigate 200D firewall but not familiar with it.

I wanna aggregate two ports together and link them to downlink 2 switch ports.

 

would like to know:

is it doable to aggregate 2 ports together and link to switch ports (to increase bandwidth)?

if so, then will the port speed be limited to the lowest automatically? (the switch port speed is 10Gb using CAT6 cable)

 

thanks in advance

    Best answer by Toshi_Esumi


    3 replies

    Toshi_Esumi
    SuperUser
    August 31, 2020

    Yes, Link aggregation is supported on 200D, which we use. But I don't understand your second question while all ports on 200Ds are GE including the SFP ports. No 10Gig ports on this model as you must have seen on the datasheet.

    make_beer_not_war
    New Member
    September 1, 2020

    To add to Toshi's answer, I can show you an example config (it's really simple):

     

    config system interface
        edit "if_lag_internal"
            set vdom "root"
            set type aggregate
            set member "port1" "port2"
            set lacp-speed fast
        next
    end

     

    Here I've created an aggregated interface out of ports 1 and 2, called "if_lag_internal". You can go on and treat this like a normal physical interface in subsequent config, add it to a zone, add VLANs to it, etc.

     

    The config on the peer, in my case a Dell switch, is similarly simple. On each interface it's:

    interface Gi1/0/15
    channel-group 2 mode active
    description "Uplink LAG to primary firewall unit"

     

    I'll try to answer the second part of your question too: as previously stated, the 200D has no 10Gb interfaces. However, even if it did, it would be unwise to mix interface types and speeds. I don't know if it would work but even if it did you might get unreliability or weird results. And sorry if I'm telling you something you already know, but by aggregating 2 ports you don't actually get a true 2Gb link, you get load balancing across them. So an individual IP connection will still only get the throughput of a 1Gb link. In an environment with lots of connections, the aggregated bandwidth will of course utilise the capacity of both links.
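
The per-connection limit described in the reply above, as an added example that is not part of the original post or of any vendor's code: each flow is hashed to exactly one member link, so one connection never exceeds one link's rate, and hashing on the IP pair alone pins all traffic between two hosts to a single member. SHA-256 as the hash, the `use_ports` switch and the sample addresses are assumptions made for illustration.

```python
import hashlib
from collections import Counter

MEMBERS = ("port1", "port2")  # LAG members from the config in the post
LINK_GBPS = 1.0               # every 200D port is GE, per the thread


def pick_member(flow, use_ports=True, members=MEMBERS):
    """Pin a flow (src_ip, dst_ip, src_port, dst_port) to one member link.

    SHA-256 is a stand-in: real devices use their own hash (assumption).
    use_ports=False hashes the IP pair only, use_ports=True adds the ports.
    """
    fields = flow if use_ports else flow[:2]
    digest = hashlib.sha256("|".join(map(str, fields)).encode()).digest()
    return members[int.from_bytes(digest[:4], "big") % len(members)]


def spread(flows, use_ports=True):
    """Count how many flows land on each member."""
    return Counter(pick_member(f, use_ports) for f in flows)


def ceiling_gbps(flows, use_ports=True):
    """Best-case throughput: one link's rate per member actually in use."""
    return LINK_GBPS * len(spread(flows, use_ports))


# Constructed sample traffic (not taken from the thread).
ONE_BIG_COPY = [("10.0.0.5", "10.0.1.9", 50000, 445)]
SAME_HOST_PAIR = [("10.0.0.5", "10.0.1.9", 40000 + i, 443) for i in range(1000)]

if __name__ == "__main__":
    print("single connection ceiling:", ceiling_gbps(ONE_BIG_COPY), "Gb/s")
    print("1000 flows, IP-only hash: ", dict(spread(SAME_HOST_PAIR, use_ports=False)))
    print("1000 flows, IP+port hash: ", dict(spread(SAME_HOST_PAIR, use_ports=True)))
```
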

    timwardlaw
    New Member
    September 1, 2020

    Yes, you can do this and it will only use the lowest speed interface.  That FGT is only 1Gb interfaces so I wouldn't connect it to a 10gb interface if you can help it.  But yes, you would go into the gate, create an interface and choose type 802.3ad.  It will give you the option to select which interfaces you want to use.  On your switch you will have to create a matching aggregate.

    thund31
    Author
    New Member
    September 2, 2020

    hi guys,

    really appreciate your answers!!

     

    my apologies for the bad statement on question 2.

    here's the thing, I'm planning to use CAT6a cable to link a 10Gb switch and this fortigate 200D.

    two 10Gb ports on switch will be aggregated and connect to 200D's two 1Gb aggregated interfaces.

     

    so the second question was trying to clarify whether these two devices can handle the inconsistent speed between their ports (10Gb and 1Gb) or not. I was wondering about how a 10G switch's aggregated ports and fortigate 200D's 1Gb aggregated ports will determine the speed on cable eventually.