Hi Fortinet/F5/Cisco Experts,
Here is the setup (disregard interface 1.4 on F5):
F5-LC: active-standby using trunk (LACP), tagged, and connected full-mesh to the switches
Fortinet: active-active and not connected in full mesh to the switches
Stacked switch with port channels facing F5
Fortinet 1 is connected to Switch 1 and Fortinet 2 is connected to Switch 2.
Scenario:
Host PCs behind the Fortinet can access the internet when F5-LC1 is active, but when we perform the failover and F5-LC2 becomes active, some of the hosts have intermittent connections to the internet and some hosts cannot connect to the internet at all.
Question:
What configuration can be added on the switch and the Fortinet, given that the Fortinet is not connected in full mesh with the switch? Or is it really necessary to connect the Fortinet in full mesh with the switch?
I cannot see any config issue with F5.
Please see the network diagram. Note: never mind the 1.3 interface on F5, and there is a link between the stack switches.
So on the two switches, are you 100% sure the ports are configured correctly and the same? When you fail traffic-grp1 from active to standby, have you dumped on the 1.X interfaces to see if traffic is exiting the F5?
Is it safe to assume the F5s are using a floating IP? Are the hosts with intermittent access nailed to the former active?
PCNSE
NSE
StrongSwan