Skip to main content
muhammadsaad
muhammadsaad
New Member
May 29, 2025
Solved

Fortigate Firewall with FortiSwtich along with High availability of both

  • May 29, 2025
  • 5 replies
  • 1477 views

Hello Team,

We have deployed the FortiGate Firewall-201G in HA (Active-Passive) mode. Due to port limitations, we have connected a FortiSwitch (model 148F) to each firewall. These switches are managed through the firewalls.

Currently, we are facing an issue: only the FortiSwitch connected to the primary firewall is coming online. However, we want both switches (connected to the primary and secondary firewalls) to stay online.

Additionally, while the firewalls are in HA mode and have failover configured, the switches do not have any failover setup. This means if one switch goes down, traffic cannot switch over to the secondary switch, which creates a single point of failure.

We have tried using crossover connections and the FortiLink split interface feature, but were not successful. We also noticed that the MC-LAG option is not available on the FortiSwitch 148F.

Could you please advise on the best way to configure failover for both FortiSwitches connected to the primary and secondary firewalls?

Thank you for your support.

Best answer by sjoshi

You need to setup a cross connection between FGT and FSW

There are multiple topology diagram you can refer once

https://docs.fortinet.com/document/fortiswitch/7.6.1/fortilink-guide/617516/determining-the-network-topology

5 replies

Demir25
Demir25
New Member
May 29, 2025

Hi Muhammad, 

do you have a network topology for a better view of it? Are you using an aggregate interface on Fortigate for the switch connectivity? Are Switches connected with each other? For the Switch failover you can setup Monitor interfaces on the Fortigate Firewall on HA configurations. If one of the monitored interfaces connected to the Switch goes down this means the Fortigate will failover so the secondary Fortigate will handle the traffic.

    muhammadsaad
    muhammadsaadAuthor
    New Member
    May 30, 2025

    Hi,

    Thanks for your reply. Please find below the network topology.

    topology.png

    - We are using fortlink interface option in the firewall for the switch connectivities and assign both the ports on one aggregate.

    - Switches are not connected with each other so far.

    - Right now due to interfaces issue on the fortigate firewall we don't have any interface for the setup monitor interfaces on the fortigate firewall.

     

    Please guide and share your input, what will be the workout for this as we want to establish a connectivity that just like firewall, switches have auto failover option as well. Please let us know what configurations and connectivity's we further need to do for this to work.

    Thanks

    sjoshi
    Staff
    sjoshiAnswer
    Staff
    May 30, 2025

    You need to setup a cross connection between FGT and FSW

    There are multiple topology diagram you can refer once

    https://docs.fortinet.com/document/fortiswitch/7.6.1/fortilink-guide/617516/determining-the-network-topology

    Thanks, Salon
      muhammadsaad
      muhammadsaadAuthor
      New Member
      May 30, 2025

      Alright, so i just to make a cross connection and enable the forti-link split interface.

      By doing this, both fortiswitches will show online with redundancy?
      Please confirm

      Thanks for the support

      Demir25
      Demir25
      New Member
      June 1, 2025

      Hi, make a cross connection, connect also FortiSwitches with each other and enable split interface.

      muhammadsaad
      muhammadsaadAuthor
      New Member
      June 3, 2025

      Alright, thanks for the help
      Much appreciated.

      Terms & ConditionsAccessibility statement