New Member

Question

Redundant Interfaces

Forum|Forum|8 years ago
January 11, 2018
2 replies
12954 views

This is my first Firewall Setup and my first post here so forgive me if this post is a little hard to follow

Here is my setup:

2 Fortigate 500D's in a HA Active\Passive

2 ISPs

each connected to a switch (ISP1-->Sw1 ISP2---> SW2) by a single interface with the switches connected via crossover

The Switches are not stacked

SD-WAN

2 Redundant Connections WAN1(port1, port 2) WAN2(port3 ,port4)

My question:

Can I connect each individual port of the redundant interface to a separate switch

Port1--> Sw1(port1) Port2-->SW2(port1)

or

do I have to create aggregate ports on the switches and connect both ports of the redundant interface to the aggregate ports on a single switch?

WAN1\Port1-->Sw1\port1

WAN1\Port2-->SW1\port2

Thank you

Anurag_Goyal

New Member

hi,

take a look on

Drawing3.jpg

boozely25Author

New Member

So judging by this diagram, you cannot split the ports that make up the redundant interface to go to separate switches. Is that correct?

boozely25Author

New Member

Let me reword my question. Can I connect each port of the redundant interfaces to different switches if the switches are not stacked and the switch ports are not aggregated(LACP).

dmcquade

New Member

Yes this is possible. You will need to trunk the switches and create 2 VLANs (1 for each ISP subnet). Create 3 ports for each VLAN. For example, if VLAN10 is defined for ISP 1 and VLAN20 for ISP 2, you can do something like:

ISP 1 --> Sw1 port 1 (VLAN10)

ISP 2 --> Sw2 port 1 (VLAN20)

FW Primary WAN1 --> Sw1 port 2 (VLAN10)

FW Primary WAN2 --> Sw1 port 3 (VLAN20)

FW Secondary WAN1 --> Sw2 port 2 (VLAN10)

FW Secondary WAN2 --> Sw2 port 3 (VLAN20)

Make sure your trunk allows both VLANs

HTH

d

boozely25Author

New Member

Is there a way to do this without vlans?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded