Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ck8882
New Contributor II

Created on ‎08-19-2023 03:28 AM

FGCP Virtual Clustering failover traffic flow

HI All,

 

May i know is it should have link-connection between Switch1 (internal) and Switch2 (Engineering network) in virtual cluster diagram below? Without the link-connection between Switch, once either switch fail/spoil, which is mean the either one traffic unable access anymore (Single leg connection)?

 

From my limitation knowledge, the switch should be "stacked" or have inter-link connection? Am i correct with my understanding? 

 

Appreciate if anyone could share the idea and advise.

 

Virtual Cluster.JPG

Labels:
670
0 Kudos
3 REPLIES 3
abarushka
Staff
Staff

Created on ‎08-21-2023 12:41 AM

Hello,

 

I could find both designs (full mesh and not full mesh) in the documentation. Please find the details by following the link below:

 

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/432823/full-mesh-ha-example) (full mesh)

 

https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/531352/high-availability-with-two-fortig... (not full mesh)

FortiGate
645
0 Kudos
qasimbashir6242
New Contributor III

Created on ‎08-21-2023 01:01 AM

Hey there, it seems like you're discussing the network setup for FGCP Virtual Clustering failover traffic flow. To answer your question, having a link-connection between Switch1 (internal) and Switch2 (Engineering network) in the virtual cluster diagram is generally a good practice for ensuring redundancy and failover capabilities.

Without the link-connection between the switches, you might encounter issues if one switch fails or experiences a problem. Having a connection between them allows for better communication and failover in case of such scenarios. This setup enhances the reliability of your virtual cluster, ensuring that the failover traffic can flow smoothly between the switches when needed.

If you have any further questions or concerns about your network setup, feel free to share more details or ask for clarification.

641
0 Kudos
ck8882
New Contributor II
In response to qasimbashir6242

Created on ‎08-23-2023 05:34 PM

HI qasimbashir6242, abarushka,

 

Thanks for the information. It's useful to me. Could you see design is it valid and workable below.

 

From what i understand, FGT HA couldn't be form  with LACP if there is no stacking devices. Please correct if i'm wrong.

 

Hence I'm curious to know how is the traffic or failover will be happen with design below? Would the traffic will go through router 2 via LACP2 and cause the looping if FGT1 is primary device.

 

ThanksLACP.JPG

614
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.