Fortinet 60Ds in HA Active/Active Port Channel Problem
I just recently installed two Fortinet 60D firewalls in HA mode and set them to active/active. On both firewalls ports 6 & 7 are connected to each other for the heartbeat connection. Port 5 of both firewalls is wired into a single Cisco 2960S switch. On the Fortinet I set port 5 as an 802.3ad aggregate, and on the Cisco side I created a port-channel for ports 47 & 48.
What I am noticing is that port 47 on the Cisco is showing up/up and port 48 is showing suspended. I have tried a couple of different configurations on the Cisco side and I cannot get both ports up.
Below is my configuration from the Cisco and the FortiGate:
interface range GigabitEthernet1/0/47 - 48
 switchport mode trunk
 channel-group 1 mode active
!
interface Port-channel1
 switchport mode trunk
The Cisco switch is a WS-C2960S-48FPS-L running version 15.2(2)E9.
config system interface
    edit "Port Channel"
        set vdom "root"
        set allowaccess ping https ssh http
        set type aggregate
        set member "internal5"
        set lldp-transmission enable
        set role lan
        set snmp-index 13
    next
end
That's not how FGTs in HA work (they don't act like a switch stack but more like routers using a redundancy protocol). You need two different port channels on the Cisco side. 1 for the primary FGT and 1 for the secondary.
At that point there's not really any point in using aggregation in the first place, but if you wanted to add a second interface to each box afterwards you could.
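What the switch side of that advice looks like, as an added example that is not part of the answer above: two separate LACP port-channels on the same 2960S, one per FortiGate cluster member. The port numbers follow the question (47 to the primary, 48 to the secondary); the descriptions and which unit sits on which port are assumptions.

```cisco
! Added example: one port-channel per FortiGate HA member.
! A single channel-group cannot bundle links to two different LACP partners,
! which is why the second port in the original design ends up suspended.
interface Port-channel1
 description FGT-primary (assumed on Gi1/0/47)
 switchport mode trunk
!
interface Port-channel2
 description FGT-secondary (assumed on Gi1/0/48)
 switchport mode trunk
!
interface GigabitEthernet1/0/47
 description FGT-primary port5
 switchport mode trunk
 channel-group 1 mode active
!
interface GigabitEthernet1/0/48
 description FGT-secondary port5
 switchport mode trunk
 channel-group 2 mode active
!
! Check: both Po1 and Po2 should list their member as (P) bundled,
! with neither port in (s) suspended state.
! show etherchannel summary
```

Each channel has only one member today, which is why the answer says aggregation buys nothing yet. If a second port is added to a FortiGate later, it goes into that unit's own channel-group (1 for the primary, 2 for the secondary); a channel-group must never span both firewalls.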