Description
This article describes certain deployment types that can result in a loop or other layer 2 issues when a FortiGate HA cluster is connected to the switch network in a redundant manner.
Scope
FortiGate.
Solution
It is necessary to have a network that is highly fault-tolerant/resilient (a fault can occur in one part of the network while traffic keeps being forwarded as if nothing were wrong). However, if the redundant network is not carefully planned and implemented, it can result in a loop and other layer 2 issues. The motive behind having a FortiGate HA cluster with redundant links to the core switch or switch network, like the one below, is to have a highly fault-tolerant network.
However, there are cases where the admin configures a 'software switch' on the FortiGate HA cluster facing the switches (fully functional L2 switches such as Cisco, Juniper, HP, etc.) and assigns the FortiGate ports toward those switches as member ports of this software switch. This practice can result in a layer 2 loop and MAC address flapping. The issue may go unnoticed until the access layer switch is rebooted, for example for a software upgrade.
Below is a sample of the MAC flapping message that may be seen on the switch when the issue occurs:
%SW_MATM-4-MACFLAP_NOTIF: Host 0009.0f09.0020 in vlan xx is flapping between port Gi1/0/47 and port Po1
The 'software switch' in FortiGate is not a fully functioning layer 2 switch and cannot be used as one because of its limitations. For example, it has no CAM table (MAC address table) and cannot participate in STP (spanning tree protocol), among other features.
See the following documentation for further details: Software switch - FortiGate administration guide.
When this type of redundant network is required, it is advised to aggregate the ports on the FortiGate towards the switches (make sure to follow the recommended practice for the physical connections). If it is an environment where vPC is supported on the switches, follow this related article:
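As an added illustration that is not part of the original article, the FortiOS CLI below shows the software-switch pattern described above next to the aggregated alternative; the interface names, port numbers and IP address are assumed, and the cluster is assumed to be a single-VDOM ("root") deployment:

```fortios
# PROBLEMATIC: a software switch whose member ports both cable to the
# switch network. The software switch has no MAC table and no STP, so the
# two links form a parallel L2 path and frames can loop (seen on the
# switch side as MACFLAP between the access port and the port-channel).
config system switch-interface
    edit "lan-sw"                      # assumed name
        set vdom "root"
        set member "port3" "port4"     # assumed ports, both toward the switches
    next
end
config system interface
    edit "lan-sw"
        set ip 192.168.10.1 255.255.255.0   # assumed address
        set allowaccess ping https
    next
end

# RECOMMENDED: one LACP aggregate toward the switch network instead.
# The two ports act as a single logical link, the switch side sees one
# port-channel, and no second path exists on which frames could loop.
config system interface
    edit "agg-core"                    # assumed name
        set vdom "root"
        set type aggregate
        set member "port3" "port4"     # same assumed ports, now bundled
        set lacp-mode active           # peer switch must run LACP on its port-channel
        set ip 192.168.10.1 255.255.255.0
        set allowaccess ping https
    next
end
```

Apply only one of the two blocks: a port can belong to either the software switch or the aggregate, so the member ports must be removed from "lan-sw" before "agg-core" can be created.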