Hi all,
Recently I have been trying to install an aggregate link that has 2 physical member ports on the standalone Fortigate (311B) to connect to a Juniper EX Virtual Chassis in order to increase redundancy. I configured LACP on the ae0 interface on the EX Virtual Chassis and it has 2 member ports.
Here is the topology:
[Internet-ISP]--------[Fortigate311B]===(an aggregate_link)====[Juniper EX Virtual Chassis(all LAN traffic)]
When I check the bundle ae0 on the EX, it is up with all child interfaces. When I look at the Fortigate side, it seems to be okay. The default route and policy are okay. But traffic is not passing on the aggregate link. What could the misconfiguration be? What should I do to fix this problem? Any ideas, please?
Thanks for your assistance,
Erdal
Does your juniper chassis show any learned mac_address?
show ethernet-switching table sum
Are you using 802.1q tags? If yes, are they allowed on the Juniper side?
Do you have layer3 firewall policies bound on the L3 interface(s) on the fortigate?
Can you ping from the ip_address attached on the fortigate to another local device through the bonded interface?
Is the netmask correct, and is allowaccess ping enabled?
Those would be the basic things to check. If your bonded members are up, then you should be able to ping across the 802.3ad bundle and the Juniper FDB should be populated with the fortigate mac_address.
PCNSE
NSE
StrongSwan
Hi Mate,
Before answering your questions: for some reason, I had reset the 311B Fortigate firewall to factory default settings. I am sorry I couldn't answer your questions. But I would be very happy if you could specify the steps for configuring a 2-member-port aggregate link between the 311B and the EX4200 chassis.
Thanks
Erdal
FGT has a CLI:
dia netlink aggregate
    list    list of 802.3ad link aggregation interfaces
    name    details of a specific 802.3ad link aggregate
    port    determine which physical port a packet will exit on