Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Wh1teWolf
New Contributor

Created on ‎01-14-2026 04:37 AM

Connect two Fortigate HA-Clusters directly

Hi everyone,
I have the following scenario:

Two Fortigate HA clusters (active/passive |100E v7.2.10) are currently in operation in the customer environment. The two clusters are currently connected by a fiber optic cable. A transfer network and an IPSec VPN have been configured between the links. If an HA failover occurs on one of the clusters, the other cluster must always switch over so that data traffic can continue, because there is only one link between the firewalls.

 

Now the links between the firewalls will be expanded to four, as shown in the image below.

Unfortunately, there is no switch in between, so the firewalls need to be connected directly to each other.

 

My first thought would be to configure an additional IPSec tunnel on both clusters via port 15 and put both IPSec tunnels in an SD-WAN zone. Adjust routing and policies on the SD-WAN zone. Health checks via ping on peer tunnel IP and in SD-WAN rule tunnel via port 16 should be preferred and port 15 backup.

Would that be a viable option, or is there perhaps an alternative solution?

 

13-01-2026_16-19-46.png

 

Labels:
143
0 Kudos
3 REPLIES 3
AEK
SuperUser
SuperUser

Created on ‎01-14-2026 05:06 AM

Hi

Did you try with software switch / hardware switch?

AEK
AEK
133
Wh1teWolf
New Contributor
In response to AEK

Created on ‎01-14-2026 05:21 AM

Nothing has been configured yet; I am still in the planning phase.

Ialso thought about that option, but I wasn't sure if it would work. Testing is a little bit difficuilt because it's an productive environment and i haven't two test ha clusters.

124
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎01-14-2026 09:24 AM

I wouldn't try direct connections, which could/would cause headaches, if not trouble, in the future. A decent 8 port switch isn't too expensive.

Toshi 

90
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.