600Fs active-active HA to Cisco Nexus 9Ks NX-OS

LarryC · ‎03-21-2023

I have two 600Fs in active-active HA that will be connected to two Cisco Nexus 9K NX-0S in a vPC domain.

I am new to FG attempting to determine correct port settings on the 600F for a redundant inside interface with the goal being if either N9K or 600F goes down, traffic will still flow.

Currently I have port x6 on both 600Fs connected to each N9Ks port Eth 1/2

Primary 600F port x6 – switch 1 N9K port 1/2

Second 600F port x6 – switch 2 N9K port 1/2

The N9K ports are setup as vPC/port-channel

What is the correct interface settings on the 600F to support this or is this not supported?

Thanks much for any guidance.

Anthony_E · ‎03-24-2023

Hello Larry,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Anthony-Fortinet Community Team.

Anthony_E · ‎03-26-2023

Hello Larry,

We are still looking for someone to help you.

We will come back to you ASAP.

Regards,

Anthony-Fortinet Community Team.

Irfan_FTNT · ‎03-28-2023

Hi @LarryC,

Thanks for using the Community Forum. The answer is yes, FortiGate support Link Aggregation. You could find more information here.

Thanks,
Irfan

gfleming · ‎03-28-2023

If you have single links from each FortiGate (sounds like you do—x6) then it's just a regular interface no special configuration needed.

If you want to do LACP to your N9K from both Firewalls (so you can have a Nexus switch failure and not have your FortiGate HA failover too) then you can do this with an Aggregate link type.

Cheers,
Graham