I am trying to achieve a FGT cluster in our DC. Right now we are using just one 60D, but we would like to go to a dual 60D setup. Looking for some input here.
Our DC is giving us two uplinks with VRRP/HSRP configured.
Do I need to insert two switches like in the picture? Or can I leave them out and connect one uplink to one FGT and then setup the cluster? What kind of switches would I need here? Any recommendations?
I probably need to cross the WAN2 lines so that each fortigate has a line to both switches.
The Fortigate HA link will be 2x 1gbit.
I still don't completely understand the VRRP concept. I understand that this means that a DC/ISP backup router is available for us, but what exactly do I configure in the fortigate(s) to make use this feature?
Your diagram is good. You can use any switch as far as that goes so I'm not following your question. The cookbook has various deployment for HA. You might want to review the cookbook.
PCNSE
NSE
StrongSwan
The DC uplinks are 100Mb each. I was wondering if I could use any simple/unmanaged switch there? Does not have to be something with dual PSU or Managing features?
And what about VRRP? Is that something I configure in the Fortigate as well? Or do I just point everything to gateway .225 and then if there is a problem with the DC equipment the failover will happen automatically?
yes Managed or Unmanaged ( your choice ) and yes your using the HSRP vip address you don't configure anything vrrp related on your side.
PCNSE
NSE
StrongSwan
I don't expect Mark to be utilising HSRP as the FHRP as that's Cisco Proprietary.
Yes that'sa typo I seen vrrp and mistakenly saiid hsrp. But his next-hop will be the vrrp vip.
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.