Hi
I have 2 FortiGates in an A-P cluster. They should be connected to stacked Core switches using a port channel configuration. Since I am running out of 10G switch ports on the core switch, I am not able to create 2 port channels to the Master and Slave units.
So, I am planning to create a LACP trunk on the FortiGate with only one member. The LACP link from the Master goes to SW1 of the core stack and the LACP link from the Slave goes to SW2 of the core stack.
FW1 Port 39 ---> Core switch stack SW1 -- te1/0/1
FW2 Port 39 ---> Core switch stack SW2 -- te2/0/1
I am not sure whether this will work since I am not able to test this in production. Has anyone implemented this? Do I need to monitor individual interfaces rather than the aggregated link for HA failover?
Does the Slave unit keep the LAG member up and not process traffic, or will Port 39 on the Slave unit be showing down?
Thanks
Hello,
If different LAGs cannot be configured on the L2 switch, use the following command to prevent the subordinate units from participating in LACP negotiation with an aggregate interface. Note that in this mode, the failover time can be longer as it will include the LACP negotiation between the newly elected Primary Unit and the L2 switch.
config system interface
    edit <aggregate_name>
        set lacp-ha-slave disable
    next
end
Thanks for the reply.
So, in this case, will it be like a single link from Fortigate to switch? There is no benefit of configuring LAG.
Can I connect the Master to SW1 and the Slave to SW2 of the Core Stack and monitor the link for failover? If SW1 fails, will the Slave take the Master role and process the traffic through SW2?
Yes!
Copyright 2024 Fortinet, Inc. All Rights Reserved.