Hello.
I have to setup a Cluster with two fortinet 600D.
My LAN Infrastructure use RSTP with d-link switchs and HP switchs.
Is it possible to configure 600D to use spanning tree ?
The main target is to attach two ports of each fortinet to two different switchs
Here is the Cluster Fortinet.jpeg attached.
Thank you.
hi,
what you can do is to allow xSTP packets over the FGT ports. Usually they are not propagated.
You haven't specified your firmware version but I think in all versions you can configure this in the CLI.
conf sys int
set stpforward ena
What I do for a fully redundant cluster setup is to form switch clusters from 2 HP switches (the good ones, ex-3Com, in ComOS called "IRF") and then configure one LACP trunk from 2 firewall ports. They go to the same switch cluster but different hw members. For the second FGT, same setup but cross-over the lines. Last, configure DGD on those trunk ports.
Result: if one switch member fails, the same FGT master will continue to work but with half the bandwidth. If both lines from one FGT fail, the FGT cluster will fail over.
Thanks for replying !
I wonder if I can also configure two ports with teaming One active and one passive.
My firmware fersion is 5.2. I don't specified also that my cluster will be active / passive.
I will also try the xSTP configuration.
Thank you.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.