Skip to main content
Mark
Mark
New Member
December 8, 2015
Question

Fortigate HA Active/Active setup

  • December 8, 2015
  • 1 reply
  • 11961 views

I am trying to achieve a FGT cluster in our DC. Right now we are using just one 60D, but we would like to go to a dual 60D setup. Looking for some input here. 

 

 

 

Our DC is giving us two uplinks with VRRP/HSRP configured.

Do I need to insert two switches like in the picture? Or can I leave them out and connect one uplink to one FGT and then setup the cluster? What kind of switches would I need here? Any recommendations?

I probably need to cross the WAN2 lines so that each fortigate has a line to both switches.

The Fortigate HA link will be 2x 1gbit.

I still don't completely understand the VRRP concept. I understand that this means that a DC/ISP backup router is available for us, but what exactly do I configure in the fortigate(s) to make use this feature?

 

1 reply

emnoc
emnoc
New Member
December 8, 2015

Your diagram is good. You can use any switch as far as that goes so I'm not following your  question. The cookbook has various deployment for HA. You might want to review the cookbook.

 

Mark
MarkAuthor
New Member
December 9, 2015

The DC uplinks are 100Mb each. I was wondering if I could use any simple/unmanaged switch there? Does not have to be something with dual PSU or Managing features?

 

And what about VRRP? Is that something I configure in the Fortigate as well? Or do I just point everything to gateway .225 and then if there is a problem with the DC equipment the failover will happen automatically?

emnoc
emnoc
New Member
December 9, 2015

 

yes Managed or Unmanaged ( your choice ) and yes your using the HSRP vip address you don't configure anything vrrp related on your side.

 

 

Terms & ConditionsAccessibility statement