We are running privately, so no EIPs are associated with the LAN/WAN interfaces.
So I created the M/S, but when I create the HA the standby unit takes on the primary IP addresses of the master. When manual failover is initiated, traffic stops. The secondary IPs, routes, etc. have been updated, but I need to manually go onto the standby FortiGate and change the IP addresses of the LAN/WAN interfaces to what I originally set them to (different to the master primaries) before creating the HA.
If I then turn the master back online, the master's LAN/WAN interfaces are changed to those of the standby. If I initiate a failover back to the master, then again I need to change the IP addresses within the FortiGate master to the primaries within the AWS config and what I originally set :\
Any ideas?
I worked this out in the end, will post a write-up in a week. Documentation/diagram needs updating by FortiGate.
Mainly it was my not understanding that you mustn't use the interface as a reference for doing NAT etc. and must use the secondary IPs for everything, and yes, the backup unit does change its local to FortiGate IPs.