Connecting HA Cluster Firewalls to another HA Cluster Firewalls

Network-Eng2022 · ‎04-24-2023

I have an 2 seperate HA Active-Passive Cluster of Fortigate Firewalls.

I want to connect the first cluster to other cluster without introducing any switches in between in a full mesh connectivity. This is required to achieve full redundancy between the 2 HA clusters.

What is the best practice in achieving the above? Is creating Redundancy Interface and add 2 10GB port to this interface on both will do the job?

srajeswaran · ‎04-24-2023

Please check if FGSP clustering between the current clusters is the solution for you.

https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/668583/fgsp

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Network-Eng2022 · ‎04-25-2023

I have checked the document shared.

Actually what I am trying to achieve is connect 1 HA Cluster (Active-Passive) (Site-A) to another HA Cluster (Active-Passive)(Site-B) through direct fiber cables in a full mesh.

srajeswaran · ‎04-25-2023

Can you confirm how is the traffic flow through these 2 clusters? A full mesh HA is to avoid a single point of failure in network, something like below.

In your setup, you have 2 HA, are they redundant to each other? If so, how is the sessions synced between them and how is the traffic flow.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

gfleming · ‎04-25-2023

Is there a reason you don't want to use switches in between?

Cheers,
Graham