Skip to main content
duahimanshu
duahimanshu
Explorer
October 11, 2024
Question

Inquiry on Failover Design Between Multiple Sites

  • October 11, 2024
  • 2 replies
  • 1414 views

Hello Expert,

I have a design question regarding our current network setup, and I’m hoping you can help clarify a few points. While this design may seem a bit unconventional, we are limited to using the switches already implemented in our design. I would like to know if what I’m proposing is feasible, and if so, how we can achieve it.

Current Setup Overview:

  1. Site 1:

    • Two FortiGate hardware devices configured in High Availability.
    • The setup is functioning correctly.

  2. Site 2 (DMZ):

    • Two virtual FortiGate devices configured in HA.
    • This setup is also functioning correctly.

  3. Site 3 (LAN):

    • Two virtual FortiGate devices configured in HA.
    • Their HA synchronization is working fine.

Connection Between Sites:

  • Site 1’s primary and backup firewalls are directly connected to Site 2’s primary and backup devices.
  • Site 2’s primary and backup devices are connected to Site 3’s primary and backup devices.

Key Question:

  • If the primary firewall at Site 1 goes down, I can configure link monitoring to trigger a failover to Site 2’s primary firewall. However, I am concerned about how Site 3 will be notified of this change.
    • Specifically, if Site 2’s backup device becomes primary and starts sending traffic to Site 3’s backup device, will Site 3 recognize this failover?
    • How Fotigate Backup device behave if it receive the traffic will it dicard?

I have attached a design diagram for your reference to help illustrate my question.

 

 

 HA.png

2 replies

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
October 11, 2024

Ideally those two switches at each site are stacked, or just one switch, so that you don't have to do link-monitor to detect HA status change on the other site. But I assume it's not possible.

- Site 3's FGTs need to have the same link-monitor to detect changes at Site 2.
- Secondary/backup FGT doesn't process/pass L3 packets other than "dedicated-to management" interfaces.

Toshi

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
October 11, 2024

In other words, with your current set up, each site or each HA cluster can't change a-p roles independently. When one of them changes, the other have to change at the same time.
This means, you have to set up the link monitor at Site1 cluster when Site2 swap, and Site2 needs to detect Site3's change as well.
Not efficient design.

Toshi

duahimanshu
duahimanshuAuthor
Explorer
October 11, 2024

thanks Toshi for your reply,

i would like to mention that those switch can not be stacked and those are layer 3 switches.

 

To clarify, with this design, I need to set up the link monitoring on Site 2 for both Site 1 and Site 3, as well as on Site 3 for Site 2, correct?

 

Additionally, lets take another scenario if I configure the interfaces on Site 3 that connect to Site 2 as routed ports and set up a trunk port between the primary and secondary switches at Site 2, would I still need to configure link monitoring on Site 3? In this scenario, if Site 1 goes down, the backup device at Site 2 would route traffic to Site 3 via the trunk port. What are your thoughts on this approach? 

HA.png

 

is there any other way i could achieve which is better way? 

Terms & ConditionsAccessibility statement