leej
Staff
Article Id 359726
Description This article describes how bridging information, called the forward domain, is synchronized between FGSP standalone clusters operating in transparent mode with standalone-config-sync enabled.
Scope FortiGate FGSP standalone cluster.
Solution

If traffic flows asymmetrically between FGSP standalone clusters operating in transparent mode, synchronizing bridging information is crucial for handling that traffic.

 

  1. MAC addresses of PC#1 and PC#2 are learned by FGSP-A and copied to FGSP-B. PC#3 is learned by FGSP-A and copied to FGSP-B.

1.jpg

 

  1. The 'TTL' of the copied entries increases until it reaches 2/3 of the configured mac-ttl (300 sec).

    2.jpg

     

     

  2. When the 'TTL' reaches 2/3 of the configured mac-ttl (300 sec), the entries are renewed if they still exist in the bridging information of the FGSP member that initially learned the MAC addresses and copied them to its FGSP peer.

    3.jpg

     

     

  3. Entries may not be identical between the FGSP standalone clusters. In this screenshot, '80:fa:5b:66:0e:9e' is learned by FGSP-B but not copied to FGSP-A.

    5.jpg

     

     

  4. Restarting 'hatalk' on FGSP-B copies its bridging information to its peer, FGSP-A.

 

4.jpg
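
One way to spot the mismatch described in step 3 is to diff the forward-domain MAC entries collected from both peers. This is an added example, not code from the article or from Fortinet. It assumes the entries have already been exported into a simplified `<mac> <ttl>` text format (a constructed format, not raw FortiOS output), and the names `parse_table` and `compare_peers` are hypothetical.

```python
import re

MAC_TTL = 300                 # mac-ttl value used in the article (seconds)
RENEW_AT = MAC_TTL * 2 // 3   # article: copied entries are renewed at 2/3 of mac-ttl

# Constructed input in a simplified "<mac> <ttl>" format (assumption: NOT raw
# FortiOS output). Only 80:fa:5b:66:0e:9e comes from the article; the other
# addresses use the RFC 7042 documentation MAC range.
FGSP_A = """
00:00:5E:00:53:01 35
00-00-5e-00-53-02 120
00:00:5e:00:53:03 231
"""
FGSP_B = """
00:00:5e:00:53:01 37
00:00:5e:00:53:02 118
80:fa:5b:66:0e:9e 12
"""

def parse_table(text):
    """Return {normalized_mac: ttl_seconds} from '<mac> <ttl>' lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2 or not fields[1].isdigit():
            continue  # skip blank or malformed lines
        mac = fields[0].lower().replace("-", ":")
        if re.fullmatch(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", mac):
            table[mac] = int(fields[1])
    return table

def compare_peers(a_text, b_text):
    """List entries held by only one peer as (mac, holder, ttl, past_renewal)."""
    a, b = parse_table(a_text), parse_table(b_text)
    findings = []
    for holder, mine, peer in (("FGSP-A", a, b), ("FGSP-B", b, a)):
        for mac in sorted(mine.keys() - peer.keys()):
            # Past the 2/3 point a copied entry is renewed only if the peer
            # that learned it still holds it, so an old one-sided entry may be
            # a copy ageing out (this example's reading, an assumption).
            findings.append((mac, holder, mine[mac], mine[mac] >= RENEW_AT))
    return findings

if __name__ == "__main__":
    for mac, holder, ttl, past in compare_peers(FGSP_A, FGSP_B):
        note = "past renewal point" if past else "peer is missing this entry"
        print(f"{mac} only on {holder} (ttl={ttl}s, renew at {RENEW_AT}s): {note}")
```
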

 
