skell_sumner
New Member
September 5, 2022
Question

Physical wiring MCLAG, Fortigate HA and IDF Stack(s)


Ok. I am struggling with the proper physical cabling for a highly redundant network with the following attributes:

  1. Dual ISP
  2. HA Failover firewall cluster
  3. MCLAG Core (Two 10G 24 Port switches also used for 10G connectivity to HA VM Clusters)
  4. A four switch access layer stack in the data center
  5. A 2 switch Stack IDF
  6. A 2nd IDF with a single switch.

Here is the diagram I have come up with so far wading through the vague Fortinet documentation on the subject:

 

[Image: 2022-09-04_22-10-24.png]

 

I'm not sure if this is overly complicated or correct. Any help is appreciated.

2 replies

Contributor
September 7, 2022
Hello @skell_sumner ,
 
Thanks for your post on the Fortinet Community forum. We hope that fellow Fortinet Community members share their insights on your query which will be of help to you. Meanwhile, if you have a Fortinet account manager we recommend you reach out to them as this seems to be more of a design related question.
 
Thanks and regards
 
sidewaysguy14
Staff
September 7, 2022

Hey there,

Overall, the only thing that you may want to change is the IDF loop connectivity back to the distribution switches. For the loop, connect redundantly from the top to the first distribution switch and the bottom to the second distribution switch. STP will be used and traffic flow will be distributed through either side. Using more than one link back to the distribution switch will create a LAG which in this case would expand the capacity and provide cable redundancy from the top and bottom of the stack. I'm going to guess you have been using this for guidance in your design: https://docs.fortinet.com/document/fortiswitch/7.2.1/fortilink-guide/780635/switch-redundancy-with-mclag