Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
escubi
New Contributor

Created on ‎07-04-2013 04:51 AM

Fortigate 80C and 2 internet conections

Hi all, I have 2 fortigate 80c and 2DSL conections. I have some doubts and I hope you can help me. 1º)I would like to use HA in the 2 fortigate. I have read about some HA methods . Really I would like a Active Active deployment, DHCP on the 2 fortigate at the same time and , if it possible, to balance the internet traffic between the 2 DSL lines at the same time. ¿Is this possible? Which is the best method of HA for this scenario? 2º)I have 2 DSL lines... I would like that the fortigates obtain the public IP address of the 2 DSL lines. The DSL lines will be configured without NAT (bridge mode). ¿Is this posible? Fortigate can obtain 2 public IP addresses and balance the internet traffic between the 2 lines at same time? 3º)Finally I have doubts about the physical connection method. 80C have 3 ports. Internal, wan 1 and wan 2. I had thought to connect it to a switch(with vlans, with the DSL connected too etc). Wich is the correct connection method? Can I conect only one cable with tagged vlans to the switch. ¿I need to conect wan1, wan2 and internal with a different network each? Really I need 2 LAN networks to can connect to the public IPs. Sorry I speack not well english. I hope you understand me. Regards ¡¡
1557
0 Kudos
2 REPLIES 2
danto
New Contributor

Created on ‎07-05-2013 01:30 AM

Hi, 1) It is possible to use Active-Active, but I recomend you use Active-Passive to see the load. If is not too hight I would use Active-Passive 2)You cannot use PPPOE or DHCP with HA, tha HA will not form 3) You can use VLAN with the ports, or you can split the internal switch of the FGT in different physical interfaces: config system global set internal-switch-mode interface You have to disable first everything that is linked to the internal interface such as DHCP server configured, firewall rule, etc.
There is no patch for human stupidity...
There is no patch for human stupidity...
516
0 Kudos
escubi
New Contributor

Created on ‎07-05-2013 05:03 AM

1) Ok 2) This is for all the fortigate models or only for the 80c? I talk about dhcp server to the clients not about DHCP client... If I can' t use DHCP with HA I need an external DHCP server to can clustering it... If one fortinet fails the clients cannot obtain IP address... If I cannot use PPOE with HA is another problem... In this case, I think one possible solution is to translate ( NAT )on the internet routers. One port of each " DSL" router connect to a same network that fortigate and fortigate use 2 gateway address to balance the traffic. Is a possible solution? 3)Ok
516
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.