Fortigate 100F ( HA Cluster ) Link Aggregation for multiple vDoms

Matthew1 · ‎02-08-2021

Hello to all,

Iám new to the Fortinet Products.

At the moment i concern onself with the Fortigate 100F Firewall.

Question:

It is possible to configure one LACP link (with to ports) to a Switch, when i use multiple vDoms on the Fortigate 100F

and this Fortigate is also in a HA Cluster.

Because i read the below in the FortiOS 6.4.4 Adminstration Guide on Page 397:

Aggregation and redundancy

An interface is available to be an aggregate interface if:

[size="3"]It is in the same VDOM as the aggregated interface. [style="background-color: #ffff00;"]Aggregate ports cannot span multiple VDOMs[/style][/size]

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/7d5dfa98-3a77-11eb-96b9-005056...

Does this mean i need a dedicated Interface pair per vDOM ?, or can i use Vlan´s on the 802.1q Trunk and then

use one Vlan per vDom ?

Any recommendation / example configuration would be great.

Thank you.

[size="2"] [/size]

Toshi_Esumi · ‎09-06-2023

I wouldn't concern much. It's just L2 interface. If you sniff it at root vdom, it would just show like below:

fgxxx (root) # diag sniffer packet down_link
interfaces=[down_link]
filters=[none]
0.711052 802.1Q vlan#3 P0
0.730212 802.1Q vlan#3 P0
0.751162 802.1Q vlan#3 P0
0.751182 802.1Q vlan#3 P0
0.751353 802.1Q vlan#3 P0
0.906159 stp 802.1w, rapid stp, flags [learn, forward, agreement], bridge-id 8000.20:cf:ae:13:68:19.83e8
1.046609 802.1Q vlan#3 P0
1.055343 802.1Q vlan#3 P0
1.108825 802.1Q vlan#3 P0
1.660195 802.1Q vlan#3 P0

Besides, root vdom is your management vdom and nobody outside would come in.

Toshi

Fortigate 100F ( HA Cluster ) Link Aggregation for multiple vDoms

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website