Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
EmbFergie
New Contributor

Assign Static IP

I have 2 FG60F in HA active/passive mode

Have 2 x FSW224E each hanging off one FG.

FG is managing SW's.

Vlans are setup and working.

I followed this https://www.youtube.com/watch?v=-m_WHSRPiks, see diagram at 4.07mins

But I need to be able to setup 4 ports with completely different and static IPs on each port, these will be routed to different systems.

So core vlan 101 10.20.5.0, and the other 4 non vlan port need to be 172.20.5.0/29.  

So port 4 on sw1 IP 172.20.5.4, port 4 on sw2 IP 172.20.5.5 and have a HSRP IP of 172.20.5.6 which will be next hop for host system.

How to set this up?  Do I set this up on the SW or on FG?  What if there aren't enough ports on FG?

 

 

3 REPLIES 3
Anthony_E
Community Manager
Community Manager

Hello EmbFergies,

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Thanks

Anthony-Fortinet Community Team.
Markus_M
Staff
Staff

Hello  EmbFergie,

 

I am not sure what your target is. The video is about HA, so I assume you have that diagram.

If you are in designing phase of the network, see to finish the design, you might have to revise it again.

If you use the switch you will probably want to use VLANs (defined on FortiGate network config) and add the VLANs to the switch port (applied on the FortiGate, switch controller port config).

If you want to use the physical ports, you don't need VLANs, but you can use VLANs.

Keep in mind that VLANs, once defined on a physical port, are stuck on that port. It is possible, but difficult to move VLAN123 from port1 to port5 on a FortiGate. On the switch it is easy as all VLANs on FortiGate are defined on a single trunk port, the FortiLink. On the switch controller, port config you can switch and change VLANs as you need it.

This is one thing that I learned when designing my network.

 

Best regards,

 

Markus

EmbFergie

Markus

This is what I am trying to accomplish.  How to do this so that if one circuit say from UAA1 fails that failover happens and UAA2 connectivity is established.  I can break HA if that will fix this.

 

MLF_ 589.png