Hello,
I am just creating a security fabric out of our three firewall systems:
- FG501E HA-Cluster (site1, fabric root, 7.0.9)
- FG60E (site2, fabric member, 7.0.9)
- FG61F (site3, fabric member, 7.2.3)
Both the 60E and 61F are connected via site-to-site VPN created by the integrated wizard.
I configured the tunnel interfaces, gave them IP addresses and created the required static routes.
The 60E is joining the fabric without any issues, the 61F does not. All the traffic to the root fabric is blocked:
Maybe you have an idea or hint as to what I may be missing here.
I already chatted with the Forti Support to verify that the newer firmware is no problem joining the cluster as it is supported.
Thank you in advance and kind regards
Marius
Unless something has just changed with this technology that I'm unaware of, for the FortiGates to participate in Security Fabric, they all have to be on the exact same FortiOS. So your site 3 would need to be at 7.0.9 or you'd have to upgrade site 1 and 2 up to 7.2.3.
Hey Cajuntank,
thank you for the answer. This is what I first thought of and to confirm this I contacted Fortinet Support, which told me that there is no problem joining a root fabric with a newer firmware.
I will open a TAC case to confirm your answer. Thanks again!
I am on 7.0.9 myself, so like mentioned, if the fabric requirement has changed, this is something new as of 7.2. I can guarantee 7.0 and below, it had to be on the exact same code, even down to the minor rev, i.e. could not even have 7.0.8 be in fabric with 7.0.9.
I just downgraded to 7.0.9 from 7.2.3 without any issues as we do not have much configured on site3 yet. And I can confirm that it works as expected now.
Thank you very much and have a nice day!
Good call. 7.0.9 is a Mature release and so far for me has been rock solid. Glad I could help.