Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ck8882
New Contributor II

FGCP Virtual Clustering failover traffic flow

HI All,

 

May i know is it should have link-connection between Switch1 (internal) and Switch2 (Engineering network) in virtual cluster diagram below? Without the link-connection between Switch, once either switch fail/spoil, which is mean the either one traffic unable access anymore (Single leg connection)?

 

From my limitation knowledge, the switch should be "stacked" or have inter-link connection? Am i correct with my understanding? 

 

Appreciate if anyone could share the idea and advise.

 

Virtual Cluster.JPG

3 REPLIES 3
abarushka
Staff
Staff

Hello,

 

I could find both designs (full mesh and not full mesh) in the documentation. Please find the details by following the link below:

 

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/432823/full-mesh-ha-example) (full mesh)

 

https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/531352/high-availability-with-two-fortig... (not full mesh)

FortiGate
qasimbashir6242
New Contributor III

Hey there, it seems like you're discussing the network setup for FGCP Virtual Clustering failover traffic flow. To answer your question, having a link-connection between Switch1 (internal) and Switch2 (Engineering network) in the virtual cluster diagram is generally a good practice for ensuring redundancy and failover capabilities.

Without the link-connection between the switches, you might encounter issues if one switch fails or experiences a problem. Having a connection between them allows for better communication and failover in case of such scenarios. This setup enhances the reliability of your virtual cluster, ensuring that the failover traffic can flow smoothly between the switches when needed.

If you have any further questions or concerns about your network setup, feel free to share more details or ask for clarification.

ck8882

HI qasimbashir6242, abarushka,

 

Thanks for the information. It's useful to me. Could you see design is it valid and workable below.

 

From what i understand, FGT HA couldn't be form  with LACP if there is no stacking devices. Please correct if i'm wrong.

 

Hence I'm curious to know how is the traffic or failover will be happen with design below? Would the traffic will go through router 2 via LACP2 and cause the looping if FGT1 is primary device.

 

ThanksLACP.JPG

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors