- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FG based HA - dual internet circuits - Cisco DMVPN pass through
Hi All,
Good day!
I have a very specific environment. Diagram attached.
- I have two Internet circuits from two providers trying to achieve diversity
- Planning to connect these two circuits to two FG devices - not decided if I have to do a Active/passive or Active active
- I have an existing environment where my Cisco based DMVPN is running. which I need to run for a few more months and eventually move them to Fortinet SD-WAN
- For now my plan is to connect these two FG devices and run them as a CPE to pass the DMVPN setup
- Can I configure the FG's as layer 2 ( switch mode) configure the HA which might pass all the DMVPN?
- Any specific observations here?
- After the FG's Do I need two switches to connect to the DMVPN router?
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Bstan
You can setup FGT firewall in transparent mode, basically it will work similar to a 'switch'.
Technical Tip: FortiGate Transparent Mode Technical Guide
Technical Tip: Transparent mode best practices
Technical Tip: Features not supported in Transparent Mode
Technical Tip: How to create VDOM with Transparent mode
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @DPadula
Thank you for the notes. With the FG 60's configured as transparent can I achieve the Active/passive for two ISP's without any issues?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Bstan
The question is not that simple, I cannot say that your implementation will be done without issues or even what kind of issue you will face. You need to design and test it to understand the challenges that you might face during the implementation phase.
Besides the suggestion above you can also contact the Fortinet Professional Service as ask for help, for sure they might have done this type of deployment in the past and will be able to help you out.
More references:
Active-active HA in transparent mode
Transparent mode A-P packet flow
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi all
In the above scenario, If I keep the FG 60 F in transparent mode can I reach the fortimanager cloud?
What are the alternate options to connect transparent devices to forti Manager cloud?
