Hi, we have two firewall clusters (Firewall 1 and Firewall 2), directly connected to each other as per the image below, in Active-Passive mode.
The problem I am facing here is that if any link on Firewall 1A goes down, Firewall 1B will become primary, but there will not be any changeover from Firewall 2A to Firewall 2B, as none of the links goes down on Firewall cluster 2. In that case, the network connection to ICSS is not reachable even though we have complete redundancy in the firewall. Could you please suggest any config to make this work, so that when a link goes down on Cluster 1, the primary firewall on cluster 2 will change accordingly and route the data between the Telecom and ICSS networks and vice versa?
Hi,
If I understand correctly, these two HA clusters are independent of each other, so in this scenario you need to have an L2 switch connecting all the ports: port3, port3 from Fortigate1(s) and port1, port1 from Fortigate2(s).
Yes, these two HA clusters are independent of each other. Is there any other solution apart from having a switch in between?
No, I cannot think of anything else but having an L2 switch in between.
Thanks. I was thinking of having the cables in a mesh configuration, with 2 static routes to the same destination with different administrative distances from the different hops. Would it be a good idea to proceed? I might need to write more firewall policies to the same destination but with different destination.
Copyright 2024 Fortinet, Inc. All Rights Reserved.