Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RobinR06
New Contributor

Created on ‎07-13-2023 03:07 AM

Fortigate 100f Active-Passive HA not working as expected

Hello everyone,

 

we have recently bought two Fortigate 100f Firewall and set them Active Passive HA mode.

One would expect 1 Firewall to be active and 1 to passive, as the name suggests. But it looks like both are active?

The thing is, if I attach a Layer2 Switch with an IP address to FW1, it works and I can ping it. Just like expected.
If I connect the same Switch to FW2 only, it works and I can ping it. Strange, because FW1 is active?
If I connect the same Switch to FW1 and FW2 (for redundancy) my networks goes down, my laptop hangs and I cannot ping a thing. So looks like a double IP address issue. 

So what am i doing wrong? Or do I not get how Active-Passive is suppose to work?thumbnail_image.png

Labels:
2387
0 Kudos
13 REPLIES 13
RobinR06
New Contributor

Created on ‎08-23-2023 05:25 AM

Thanks all for the help. I figured out the problem is not really in HA, but in the Hardware Switch.
We have configured a Hardware Switch with ports 5, 6, 7 and 8.
We thought Active-Passive means 1 firewall works, and 1 is passive. But If we pull out 1 device on the active firewall, the port on the secondary firewall becomes active. So the passive firewall port takes over.

And if we put a device on both firewalls, the whole setup reacts like one big hardware switch (instead of active/passive) and we get a loop as if it is a normal switch.

382
0 Kudos
JesperAP
New Contributor
In response to RobinR06

Created on ‎03-19-2024 10:30 AM

Hi Robin,

 

I am currently having the same issue I think,

 

Can you explain how you fixed it with the hardware switches?

236
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to JesperAP

Created on ‎03-19-2024 10:44 AM Edited on ‎03-19-2024 10:47 AM

@JesperAPMost unlikely your network set up with two FGTs and external switches as well as hardswitch setup is the same with the original poster's.
Please start a new thread and explain your HA problem in detail hopefully with a diagram so that anyone can contribute to resolve your issue.

 

Toshi

233
0 Kudos
RobinR06
New Contributor
In response to JesperAP

Created on ‎03-20-2024 01:46 AM

Hi Jesper, we still have not resolved the issue properly.
What we did is place some normal dumb switches between the Fortigates and the rest of the network. So we don't use the firewalls als switches anymore.

204
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.