Hi friends,
I need to design an A-P Geo cluster solution and I will be happy to get some help with it.
On the WAN interface, each one of the firewalls will need to have a different Public IP. That might be an issue since the firewalls replicate their interface configuration. Will it be possible to solve it with SD-WAN or secondary IP? In case the answer is yes, how can I combine this solution with IPsec site2site tunnel and SSL VPN portal?
On the LAN side, there will be an IBGP connection to an IPVPN network. What is the best solution for that? Can I use one router ID for both of them?
Hope I was clear enough. Thank you!
I'm not sure if I understand all your expectations. Let me explain what you can achieve with the following features:
- SD-WAN - you can add many interfaces, WAN, IPsec, etc. Packets will have a different source IP depending on which interface is used
- for the SSL portal - you enable the portal for the physical interface, so your users should know which one they want to log in to
- you mentioned iBGP and router ID; assuming you will have an Active/Passive HA cluster, only one device will process traffic
Let me know if I misunderstood something or something requires clarification.
SD-WAN is a product which is different in each version, I mean 5.6, 6.0, 6.2.0 or even 6.2.1, which also brings some changes.
This is a frequent misconception about FortiGate HA. Some vendors allow it, some don't. With FortiGate it is clear as vodka - configuration of Active and Passive members has to be identical, no different public IPs for different members.
Basically, when you synchronize the 2nd member of HA to the Active one, this transfers the configuration of the 1st/active member as is to the Passive member, deleting any difference if any (or failing to sync/create the HA cluster because of the irreconcilable differences).
Copyright 2024 Fortinet, Inc. All Rights Reserved.