Redundant interface on 1 x firewall connecting to 2 x firewalls in a HA cluster

Question

I have 2 x Locations - Site A and Site B

Site A - 1 x F201E (FW-101)

Site B - 2 x F201E in HA cluster mode (FW-601 and FW-602)

in Site B, a fiber cable is connected to Port 15 each on the pair of firewalls (2 x fiber cables in total)

in Site A, FW-101's Port 15 is connected to FW-601 and Port 16 is connected to FW-602 using the fiber cables

Site B : port 15 - 192.168.11.22/30

Site A : Redundant interface (members : port 15 and 16) - 192.168.11.21/30

Redundant Interface is up and point to point link is working when the master is FW-601 but when I failed over to FW-602, the link and interface is still shown as up but I cannot ping nor route traffic through the point to point link anymore.

How can I make this point to point link work in my scenario ? Thanks for helping in advance

Toshi_Esumi · Answer

I wouldn't build a redundant network this way with those given circuits and equipment, and I would assume redundant interfaces are generally terminated by a switch or another FGT with the same set of redundant interfaces. But at the same time, I also assume this would work. So let me ask some questions.

First, how did you trigger the HA fail over? Did you simply disconnect the primary cable, which is monitored by the HA at site B?

Then, what was the physical interface status terminating those circuits on site A when the failover happened. You probably need to use "diag hard deviceinfo nic <port_name>" to see it.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded