Public IP failover to secondary fortigate

Forum|Forum|2 years ago
May 5, 2024
2 replies
1100 views

hi, i am new to fortigate. I have a deployment question on fortigate . We have one 2 fortigate in HA. one of the device is configured with public ip 122.22.55.70 on wan link. if the primary fortigate fails will the public ip will be moved to secondary device ?

adimailig

Staff & Editor

Hi @jpever ,

Fortigate on HA (A-P and A-A) will be having same configuration.

Thus, the IP address configured on FW1 will be the same with FW2.
IP addresses will be active on Primary Firewall.
If primary firewall fails, the secondary device will take over all the IP addresses and connection.

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/900885/ha-active-passive-cluster-setup

Toshi_Esumi

SuperUser

In other words, one FGT needs to terminate both circuits and have a mechanism to failover the circuit by itself. The mechanism can be SD-WAN setup or simple metric based failover (AD or priority) with link-monitor, or BGP if both circuit vendors (or one vendor) offer BGP. But the topology concept looks like below:
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/759633/sd-wan-with-fgcp-ha-expert
The switches terminating the circuits can be only one, just like LAN side in the diagram. The key is to split the circuits and deliver them to both units.

Toshi

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded