FG-201F HA Setup using different LAN interfaces at each of members

FortiM · ‎03-08-2023

Hello all,

I have a question regarding HA setup, i want to use different lan port at HA setup. Is that possible? For example, Two devices ha setup, wan port are the same at both devices and for lan port, i would like to use 10G port for primary device and 1G port for Secondary device. Is that possible to setup HA for these two ? Please check in reference scenario.

Much appreciate for the reply.

srajeswaran · ‎03-08-2023

Configuring an HA requires you to use identical setup between the member nodes so that the sessions can be synced and failover works fine.
Is there any specific reason for not using the same links on both nodes?

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

FortiM · ‎03-08-2023

Thanks @srajeswaran

correct. we have specific reason not using same links on both. currently we use 10G cable between switch and firewall. Now customer want to do HA purchasing another FG and they do not want to purchase one more 10G. That's why.

srajeswaran · ‎03-09-2023

They need to use the same interfaces on both members. Lets say, the 10G interface is port1 and 1G interface is port2.

In case of failover, the new node expects the sessions using port1 to continue using port1 and port2 sessions to continue with port2.
Sessions using port1 cannot be moved to the other node when port1 is down on that node.
Also, lets say if the 10G port as more than 1G traffic, how will the new node handle the traffic exceeding 1G (capacity).

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

FortiM · ‎03-09-2023

Thanks for the suggest @srajeswaran . I will plan to use the same ports in both.