Skip to main content
Albert_Coll
Albert_Coll
New Member
May 3, 2018
Solved

Limiting the HA interfaces bandwidth

  • May 3, 2018
  • 2 replies
  • 5135 views

Hello, I should deploy 2 x Fortigate 3000D in HA located in one site each, so that the HA links cannot be direct crossover cables, but regular ethernet cables connected to a LAN infrastructure interconnecting both sites at L2.

 

All my FG 3000D interfaces are 10-gigabit, so that I should use 2x 10-Gigabit interfaces for the HA connection between both, resulting in a theoretical 20Gbps connection.

 

My problem is that I’ve been policed with up to 2 Gpbs in this LAN as per bandwidth constraints of the links between both sites.

 

So my question is whether I can police the HA bandwith consumption in the Fortigate by any means (I have not found any feature to do it), or the best thing I could do is to replace two 10-gigabit SFP+ transceivers by 1-Gigabit SFP’s for HA?

 

    Best answer by ede_pfau

    hi,

    I don't think there is any means to traffic shape the HA links. Besides, HA traffic uses a non-standard ethertype - you should check that the equipment in-between can handle that. Cisco Nexus can't - they use the same ethertype internally and this will collide. The ethertype can be changed on the FGT side (CLI).

    Your best bet would be to use 1 G SFP. Datasheet says they are supported. You will probably use the LX type.

    2 replies

    ede_pfau
    SuperUser
    ede_pfauAnswer
    SuperUser
    May 3, 2018

    hi,

    I don't think there is any means to traffic shape the HA links. Besides, HA traffic uses a non-standard ethertype - you should check that the equipment in-between can handle that. Cisco Nexus can't - they use the same ethertype internally and this will collide. The ethertype can be changed on the FGT side (CLI).

    Your best bet would be to use 1 G SFP. Datasheet says they are supported. You will probably use the LX type.

    rwpatterson
    rwpatterson
    New Member
    May 3, 2018

    Back in the day I had two 1000As in HA mode with a single 1Gb connection. The traffic over that link was inconsequential, even during peak traffic times. 10 Gb is WAY overkill for those links, in my opinion.

    Albert_Coll
    Albert_CollAuthor
    New Member
    May 3, 2018

    Thank you for your inputs.

     

    I think i'll try to replace two 10-G transceivers SFP+  at each Fortigate unit by 1-G copper SFP's. I'll also try to find if my network can cope with the Fortigate ethertypes.

     

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    May 3, 2018

    You can find the ethertypes in your config:

    config system ha

       show full

    Terms & ConditionsAccessibility statement