Have two FGT 500D on HA. Currently, the LAN cable from both FGTs connects to a 2960x switch, and a cable from the 2960x connects to our Core Switch, all 3 ports being in the same VLAN on the switch, of course. This works. But is this the preferred design?
Yes, at least for me. Switch segmentation by port-based VLANs.
For every physical port on the FGT, you need 3 switch ports: fgt1, fgt2 and destination. So, for bigger FGTs you might need a 48-port switch just for connectivity.
Just make sure the VLANs never exit the switch, i.e. port-based.
Years ago some switches had a problem with this. For each internal VLAN a separate MAC address table is needed, and some low-range switches didn't have that. Nowadays this design has always worked for me, with HPE, Avaya, Alcatel, DELL, H3C. Never tried out D-Link, Netgear, TP-Link.
NEVER run the HA link across a switch! The HA link is the most important connection in a cluster. If it breaks, BOTH units will become master and the network will break down. So, HA links always are direct cables (or fibers), and always at least 2x.