Design Question - Cable connectivity
Yes, at least for me. Switch segmentation by port-based VLANs.
For every physical port on the FGT, you need 3 switch ports: fgt1, fgt2 and destination. So, for bigger FGTs you might need a 48-port switch just for connectivity.
Just make sure the VLANs never exit the switch, i.e. port-based.
Years ago some switches had a problem with this. For each internal VLAN a separate MAC address table is needed, and some low-range switches didn't have that. Nowadays this design has always worked for me, with HPE, Avaya, Alcatel, DELL, H3C. Never tried out D-Link, Netgear, TP-Link.
One caveat:
NEVER run the HA link across a switch! The HA link is the most important connection in a cluster. If it breaks, BOTH units will become master and the network will break down. So, HA links always are direct cables (or fibers), and always at least 2x.