Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
harsh_mittal
New Contributor II

Connecting HA Cluster Firewalls to another HA cluster

Hi, We have two firewall clusters (Firewall 1 and Firewall 2), directly connected to each other as per Image below in Active Passive mode. 

 

Capture1.JPG

 

The problem I am facing here is, If any link on Firewall 1A goes down, Firewall 1B will become primary but there will not be any change over from Firewall 2A to Firewall 2B as none of the link goes down on Firewall cluster 2. In that case, Network connection to ICSS is not reachable even we have complete redundancy in the firewall. Could u please suggest any config to make this work, when link goes down on Cluster 1, accordingly primary firewall on cluster 2 will change and route the data between Telecom and ICSS network and vice versa.

Capture2.JPG

 

 

 

4 REPLIES 4
pbangari
Staff
Staff

Hi, 

If I understand correctly, these two HA clusters are independent of each other, so in this scenario, you need to have a L2 switch connecting all the ports port3, port3 from Fortigate1(s) and port1, port1 from Fortigate2(s).

harsh_mittal

yes, these two HA clusters are independent to each other. Is there any other solution do we have apart from having a switch between?

pbangari
Staff
Staff

No, I cannot think of anything else but having a L2 switch in between.

harsh_mittal

Thanks. I was thinking to have a cable in mash configuration with 2 static route to same destination with different administrative distance from the different hop. Will it be a nice idea to proceed? I might need to write more firewall policy to same destination but with different destination. Capture1.JPG

Top Kudoed Authors