- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSwitch
- FortiSOAR
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Active Active Firewall 1200D
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Active Active Firewall 1200D
Dears
This is my new installation of 1200D i have a Cisco Nexus acting as a core for the campus which are connecting to the 1200D, my question is my both Nexus core are active (forwarding traffic) i also want my 2* 1200D firewall to be in active active state as it is not configured for any VDOM is it possible ??? i am having a cisco asa firewall knowledge where an asa can be active active only in multiple context mode, it means for context A--- FW-A is active and FW-B is standby for context B ----FW-B is active and FW-A is in standby.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sonydarrel wrote:This is my new installation of 1200D i have a Cisco Nexus acting as a core for the campus which are connecting to the 1200D, my question is my both Nexus core are active (forwarding traffic) i also want my 2* 1200D firewall to be in active active state as it is not configured for any VDOM is it possible ???
Could you describe the setup a bit more?
If I understand you correctly you want an Active-Active HA Cluster. This is doable. Simply select "Active-Active" in the HA Config Menu instead of Active-Passive
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you running multi-vdoms? with virtual-clustering you can run multiple vdoms on each fortigate in the same fashion as the cisco multi-contexts & load-balane vdoms.
or
If you want to run pure A-A and loadblance sessions be aware of the limits and what can or pretty much not load-balance. Here the Active ( master ) unit controls pretty much all sessions allocations based on lb or weighted by assignment of the virtual-mac. If your familiar with cisco GLBP, than you will understand the fortigate A-A concept.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear,
I am not running any VDOMS still i can configure the 2 * fortinet as A-A, this is not possible in Cisco, as per gschmitt reply it is it is doable just by choosing A-A in the HA config, so this mean both the firewall can forward traffic though they are in no multiple VDOMS
Please confirm my thoughts.
thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
you can run Active-Active with only one VDOM. This is referred to as "UTM Offloading" where the primary unit offloads UTM-enabled sessions to the subordinate unit(s) (Units, because fortigate clusters can grow up to 4 units).
You can enable the cluster to also offload TCP and UDP sessions (without UTM enabled), but this is not recommended since all sessions will be first handled by the primary unit, only heavy UTM session offloading can result in higher throughput.
Note that is is not load-balancing, but rather load-sharing what you're about to accomplish. Active-Active in the Cisco mind is called Virtual Clustering on FortiGate.
Regards,
Steffen
Regards,
Steffen
NSE8
Regards,
Steffen
NSE8
Related Posts
- FortiGate Azure standby unit (A-P... 126 Views
- S2S VPN Traffic from a 1GB... 210 Views
- Fortianalyzer SSH still accessible on HA... 82 Views
- SNMP don't response traffic 717 Views
- FortiAP 231F not connecting to FG 266 Views
Labels
-
FortiGate
6,963 -
FortiClient
1,369 -
5.2
801 -
5.4
639 -
FortiManager
605 -
FortiAnalyzer
440 -
6.0
416 -
FortiAP
363 -
5.6
362 -
FortiSwitch
361 -
FortiClient EMS
282 -
FortiMail
269 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
168 -
6.4
128 -
FortiNAC
123 -
FortiGuard
111 -
IPsec
101 -
FortiGateCloud
92 -
FortiSIEM
91 -
SSL-VPN
88 -
FortiCloud Products
85 -
FortiToken
76 -
Customer Service
70 -
4.0MR3
64 -
Wireless Controller
63 -
FortiProxy
48 -
FortiADC
45 -
SD-WAN
43 -
FortiEDR
42 -
Fortivoice
42 -
FortiDNS
37 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiSandbox
33 -
FortiSwitch v6.4
32 -
Firewall policy
31 -
FortiAuthenticator
28 -
High Availability
28 -
VLAN
27 -
FortiConnect
24 -
FortiWAN
23 -
ZTNA
21 -
FortiConverter
21 -
DNS
20 -
FortiGate v5.2
19 -
FortiPortal
18 -
Certificate
18 -
FortiSwitch v6.2
17 -
SAML
17 -
LDAP
17 -
BGP
16 -
VDOM
16 -
FortiMonitor
14 -
FortiLink
14 -
Interface
14 -
Logging
14 -
Authentication
13 -
FortiGate v5.0
13 -
Routing
13 -
FortiDDoS
13 -
FortiCASB
12 -
NAT
11 -
RADIUS
10 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Fortigate Cloud
10 -
Virtual IP
10 -
SSO
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Web profile
9 -
Application control
9 -
4.0MR2
9 -
SSID
8 -
FortiBridge
8 -
WAN optimization
8 -
FortiGate v4.0 MR3
8 -
IP address management - IPAM
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Traffic shaping policy
6 -
IPS signature
5 -
Proxy policy
5 -
Packet capture
5 -
FortiAP profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Antivirus profile
4 -
Automation
4 -
DNS Filter
4 -
FortiTester
4 -
Web rating
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
FortiDeceptor
3 -
Fortinet Engage Partner Program
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
FortiPAM
3 -
DoS policy
3 -
Email filter profile
3 -
Intrusion prevention
3 -
FortiDB
3 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Users
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Multicast routing
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Explicit proxy
1 -
Zone
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1006 | |
| 837 | |
| 478 | |
| 440 | |
| 136 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.