I have two FortiGates running in a HA cluster (Active/Passive). Each FortiGate is located in a server room. Now I would like to increase the redundancy or failover.
In each server room there are also two switches installed to which the VMware hosts are wired. Now I would like to distribute the FortiGate per server room to the two switches. By this I mean that I want to connect the LAN interface once to switch 1 and once to switch 2.
What do I have to do for this? I can configure a virtual interface and put the interfaces there. But I have hardware switch / software switch and redundant interface available.
The goal is simply that the FortiGate is still accessible, should one switch fail - and as I said, I would have to configure this on both FortiGates per server room.
Exactly, I can't connect one LAN interface to two switches. Hence the question above.
From your link I see the following configuration:
FortiGate A in server room 1: I create a redundant interface with (as an example) port 4 and port 5 as members. Port 4 to Switch 1, Port 5 to Switch 2. If now switch 1 fails, the traffic from port 5 is forwarded to switch 2. Correct? How do I build this setup correctly if the FortiGate is configured in a HA (active/passive)? In the second server room, I would also connect the FortiGate B with port 4 to Switch 1 (second server room) and port 5 to Switch 2 (second server room). Do these interfaces also have to be configured as monitored interfaces in the HA configuration? Or should I only monitor the external (Internet) interfaces there?