Fortigate 60C HA cluster with internet

HammKing · ‎10-13-2015

We currently have 2 60C's in our office that is HA clustered, however, we cannot find a way to make our internet connection be able to failover like the fortinet unit.

When fortinet unit A (which is where our internet LAN is connected) is down, it will failover to unit B, but we will still have no internet connection.

gschmitt · ‎10-14-2015

Did you connect the FortiGates on a wan port (wan1 or wan2 on both) to a switch and connect the switch to the ISPs connection? ^^

HammKing · ‎10-14-2015

Currently no, the ISP cable is directly connected to WAN1 of unit A, but I understand where you're getting at :)

Is there any other way to achieve internet failover without using switches? We're kinda short on switches right now...

Moreover, we also have two different ISP lines attached to unit A (WAN1 and WAN2). We also configured those two in a failover setting (not load-balanced).

Thanks for the reply btw Gordon :)

In Reply to Gordon Schmitt:

Did you connect the FortiGates on a wan port (wan1 or wan2 on both) to a switch and connect the switch to the ISPs connection? ^^

gschmitt · ‎10-21-2015

Not that I am aware of

In a normal ha cluster it's recommended to keep the ports identical like this:

http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Install_advanced/cb_install-ha.html

A cheap 100Mbit switch to connect your ISPs (actually two in your case) starts at around 10€ so if you have the money for a ha cluster don't cheap out there.

If you want to use a rackmounted switch you already got I am sure it can handle vlans to suit your needs.

Fortigate 60C HA cluster with internet

Nominate a Forum Post for Knowledge Article Creation