Hello everyone
I'd like some insight on the following
I have two FortiGates in a cluster, both in A-A. Sync is working fine, and the links from the cluster terminate on a switch. Ideally, what I would have done is configure a port channel and set a random VLAN on it for the incoming interfaces from the cluster. I would then set the same VLAN for the outgoing interface.
In a scenario where VLANs have been defined at the switch level and the outgoing interface already has a VLAN configured on it, what would be the best practice?
Hi @CHAMPE ,
I am not sure if I could completely understand your use case.
But here is a quick reference to Active-Active HA Setup.
With respect to VLAN and port channel, if you have a limitation on the availability of separate ports for inside and outside, you can have a port channel configured on the FortiGate and the switch and use sub-interfaces with different VLAN IDs for inside and outside.
Best Regards,
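
The layout described in the reply above, sketched as FortiOS CLI. This is an added example, not part of the original posts: the member ports, interface names, VLAN IDs (100 and 200) and addresses are all assumed placeholders.

```fortios
# Constructed example: one LACP aggregate carrying two tagged VLAN sub-interfaces.
# Port names, VLAN IDs and IP addresses are assumptions, not values from the thread.
config system interface
    edit "agg1"
        set vdom "root"
        set type aggregate
        set member "port3" "port4"
        set lacp-mode active
    next
    # Inside segment: tagged VLAN 100 on the aggregate
    edit "agg1_inside"
        set vdom "root"
        set interface "agg1"
        set vlanid 100
        set ip 10.0.100.1 255.255.255.0
        set allowaccess ping
    next
    # Outside segment: tagged VLAN 200 on the same aggregate, no management access enabled
    edit "agg1_outside"
        set vdom "root"
        set interface "agg1"
        set vlanid 200
        set ip 192.0.2.2 255.255.255.252
    next
end
```

The switch-side port channel has to be a trunk that carries both VLAN IDs tagged. Traffic between the two sub-interfaces still passes only where a firewall policy allows it, so inside and outside stay separated even though they share the physical links.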
Copyright 2025 Fortinet, Inc. All Rights Reserved.