LAN failover is not occurring between the FortiGate HA pair and the Cisco switches operating in VSS
                [ Cisco VSS Logical Switch ]
                  (Switch 01 + Switch 02)
                    /                 \
               [Po101]               [Po101]
               /     \               /     \
         (Eth1/3) (Eth2/3)     (Eth1/4) (Eth2/4)
            |        |            |        |
          [ x1 ]   [ x2 ]       [ x1 ]   [ x2 ]
          [ FortiGate-01 ]      [ FortiGate-02 ]
              (ACTIVE)             (PASSIVE)
                 |                     |
              TRAFFIC <-----------  NO TRAFFIC
The Cisco switch is configured with an EtherChannel (Port-Channel 101) that bundles four interfaces (Eth1/3, Eth2/3, Eth1/4 and Eth2/4) operating in active mode, as shown in the diagram.
The FortiGate firewalls are deployed as an HA pair, with ports X1 and X2 connected to the Cisco VSS switches. Port X5 is connected to the Internet link (Cisco WAN router) and is also configured as an HA-monitored interface.
Additionally, the X5 port is a member of the WAN_Aggregate interface, which is assigned to VLAN 50. VLAN 50 serves as the Internet_VLAN SVI, and the default gateway for the Internet_VLAN resides on the Cisco router.
When the X5 interface goes down, the HA failover is initiated as expected. However, the LAN does not fail over because the LAN-facing monitored interfaces remain operational. As a result, LAN reachability is lost even though an HA failover event occurs.
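For reference, here is the FortiOS CLI for the HA monitor and WAN aggregate as the post describes them, plus the two status commands worth running on both units after a forced failover. This is an added illustration, not the poster's actual configuration: the VDOM name "root", the exact interface aliases, and the choice to name the aggregate (rather than its member x5) in the monitor list are assumptions.

```text
# Added example, not the original poster's configuration (FortiOS CLI).
# Assumptions: VDOM "root"; x1/x2 are the LAN-facing monitored links;
# x5 is the only member of WAN_Aggregate.
config system ha
    set mode a-p
    # The post describes x5 as HA-monitored. Because x5 is an aggregate member,
    # the aggregate interface is the object listed here (assumption).
    set monitor "x1" "x2" "WAN_Aggregate"
end

config system interface
    edit "WAN_Aggregate"
        set vdom "root"
        set type aggregate
        set member "x5"
    next
    edit "Internet_VLAN"
        set vdom "root"
        set interface "WAN_Aggregate"
        set vlanid 50
    next
end

# Checks to run on BOTH units after pulling x5 on the primary:
get system ha status                            # current primary and the reason for the last failover
diagnose netlink aggregate name WAN_Aggregate   # aggregate and member link state
```

Comparing the output of these two commands on the new primary against the former primary shows whether the LAN-facing links (x1/x2) changed state at all during the failover, which is the condition the post says is not being met.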
