saikrishnatallam09
New Contributor

Configuring Hub Spoke on Oracle Cloud Infrastructure with FortiGate

As per the architecture explanation, the traffic from the On-Premise data center routes to the Fortinet FortiGate VM through the untrust subnet. However, in the diagram (North-south inbound traffic), if we look at the Hub VCN Ingress route table, the traffic coming from on premise is routed to the Secondary IP of Port 3, which is a trust subnet. Can someone clarify here?


https://docs.oracle.com/en/solutions/secure-oci-workloads-fortigate/index.html#GUID-40CF25A9-E13A-4C...

SKT
Stephen_G
Moderator

Hello saikrishnatallam09,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Stephen - Fortinet Community Team
Stephen_G
Moderator

Hello saikrishnatallam09,

 

We are still looking for someone to answer your query and will respond to you as soon as possible.


Thanks,

Stephen - Fortinet Community Team
Stephen_G
Moderator

Hello saikrishnatallam09,

 

It seems that this is because the architecture in place in the diagram consists of an A-P cluster, which is why the RT points to a secondary IP. I hope that clarifies things.

 

Kind regards,

Stephen - Fortinet Community Team
sbaugh_FTNT
Staff

Hi,

 

Secondary IPs are used for the failover mechanism and are moved between A-P members, so the RT needs to point to the secondary IP.

 

  1. Failure of the active firewall is detected by the passive firewall.
  2. The passive firewall makes an API call from the management interface.
  3. Changes to OCI are made:
    1. The secondary IP is moved from the firewall one untrust interface to the firewall two untrust interface.
    2. The secondary IP is moved from the firewall one trust interface to the firewall two trust interface.

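The failover sequence in the reply above, modelled as an added example (not part of the thread, and not Fortinet or OCI code). It shows that the route table target stays the same while the firewall holding it changes, and audits the states a partial failover would leave behind; all addresses, firewall names and the `audit` checks are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Vnic:
    primary_ip: str                      # bound to this VNIC; does not move
    secondary_ips: set = field(default_factory=set)

# Constructed addresses. Cluster keys are (firewall, subnet).
FLOATING = {"untrust": "10.0.1.100", "trust": "10.0.2.100"}
ROUTE_TARGET = FLOATING["trust"]         # ingress route table next hop, as in the question

def build_cluster():
    return {
        ("fw1", "untrust"): Vnic("10.0.1.11", {FLOATING["untrust"]}),
        ("fw1", "trust"):   Vnic("10.0.2.11", {FLOATING["trust"]}),
        ("fw2", "untrust"): Vnic("10.0.1.12"),
        ("fw2", "trust"):   Vnic("10.0.2.12"),
    }

def holders(vnics, ip):
    """Firewalls whose VNIC currently holds `ip` as a secondary IP."""
    return sorted(fw for (fw, _), v in vnics.items() if ip in v.secondary_ips)

def fail_over(vnics, failed, survivor, subnets=("untrust", "trust")):
    """Step 3 of the reply: move each secondary IP to the survivor's matching interface."""
    for subnet in subnets:
        moved = vnics[(failed, subnet)].secondary_ips
        vnics[(survivor, subnet)].secondary_ips |= moved
        vnics[(failed, subnet)].secondary_ips = set()

def audit(vnics, route_target=ROUTE_TARGET):
    """Return findings that would break or blackhole traffic after a failover."""
    findings = []
    owners = {s: holders(vnics, ip) for s, ip in FLOATING.items()}
    for subnet, fws in owners.items():
        if len(fws) != 1:
            findings.append(f"{subnet} floating IP held by {fws or 'nobody'}")
    if len({tuple(f) for f in owners.values()}) > 1:
        findings.append("floating IPs split across firewalls")
    if any(route_target == v.primary_ip for v in vnics.values()):
        findings.append("route table targets a primary IP that cannot move")
    return findings
```

Running `audit` after each failover test catches the case where only one of the two secondary IPs moved, which leaves the route table pointing at a firewall that no longer holds the untrust address.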
