Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ChrisM589
New Contributor

Fortigate 800D Failover pair.

Hi,

In a failover pair can I use different SFP modules.

Primary - Port 23 10GB SFP

Secondary - Port 23 1GB SFP

 

Our backup internet connection is a different speed from the primary connection.

 

regards,

Chris.

5 REPLIES 5
lobstercreed
Valued Contributor

Your backup internet connection MUST be on a different port and both connections need to be connected to both firewalls through a switch. This is in all the guides on how to set up HA, like this one: http://docs.fortinet.com/...an-with-fgcp-ha-expert HA config is fully synced, so all logical connections must be identical between cluster units.
ChrisM589

 

 

 

 

ChrisM589

Hi Lobstercreed,   Thanks for you comments, perhaps I didnt explain very well.   We have a failover pair, with two internet connections. On the primary port 23 with 10GB SFP is primary internet connection with 10GB ISP (via a switch) On the primary port 24 with 1GB SFP is for secondary internet connection with 1GB ISP (via switch)   On the failover port 23 with 1GB SFP is primary internet connection with 10GB ISP (via  a switch) yes I know this is slower but it is the failover switch. On the failover port 24 with 1GB SFP is for secondary internet connection with 1GB ISP (via switch).   So looking at the above can i use a 10GB SFP in fortigate primary and use a 1GB SFP in fortigate failover in what is essentially the same port.

 

See the attached screenshot.

One thing to bear in mind is that the pair of Fortigates are in different buildings, the dotted connections are LR fibre.

lobstercreed

Gotcha, sorry for the bad assumption.  Lots of folks seem to misunderstand HA and it sounded like another one of those initially.

 

While I can't answer from experience, my gut answer is "no", and the research I've done would seem to support that.  The biggest reason goes back to the full config being synced between boxes.  The 10G port would have to be configured as a 1G port (if that's even possible, apparently it depends on the model/port) but this would apply to both members of the HA.

 

So I'd say what you need to do is either upgrade your optics for the HA box or *downgrade* the connection (and optics) to 1G for both boxes until you're able to do this.  Would be happy to be proven wrong if you're able to experiment, but if you're asking, I think the answer is no.

ChrisM589