Hello,
we are using a FortiGate in a hosted datacenter to connect/separate our servers to/from the datacenter router.
The datacenter provides redundant router connections through VRRP. (we got two ports to connect to)
My question is: how should I connect my 2 WAN IF to the two router ports that were provided to me?
Do I have to add a VRRP virtual router to my WAN IF? Or is this SD-WAN?
Sorry, but I've never done this before...
Thanks for your help!
Christian Schindler
Regularly a switch is placed in between, so that the FGT side (unless you have two FGTs) connects only one port to the switch, with an untagged or tagged VLAN interface to the switch. The switch then connects to the two routers at their VRRP ports, so whichever is the master at a time can transmit/receive packets to/from the FGT; at that same time, both routers can see each other's VRRP advertisements over the switch.
Thanks for your answer.
They provide two different switches for connections to the upstream router and I was told by the DC operator that we need to use VRRP if we want to use both connections.
They also have redundant GW IPs: So the first three IPs of the subnet are reserved for the GW IPs (one per GW and the third one as the HA address).
So somehow I need to configure my WAN IFs to use VRRP to be able to talk redundantly to these routers.
Thanks
Christian
That's odd. Of course VRRP takes up 3 IPs in the subnet: Virtual IP, which you need to use as GW, and two individual router IPs so that they can see each other to decide the master.
In that situation, the provider side should connect them through their switch(es) and provide one port to you.
Then you have to have your own switch to connect both their switch ports together and provide one port to your FGT. The VRRP in your case is for the GW router redundancy. Your FGT won't join their VRRP.
Thanks!
So you say I need a switch between the FGT and the provider's router ports? And this switch connects to both provider ports and to one port of the FGT.
But then I have no availability from the FGT if one port should fail on the FGT, right?
Thanks
Christian