hello all,
I have two Nexus 9000 switches connected via a vPC peer link. Two Catalyst stacks are also connected to both NXs via vPCs. How can I have redundant paths between the FortiGate and the NXs? Do I set up a "hardware switch" with two ports on the FortiGate, and then run one cable to NX1 and one to NX2? Do I need to vPC those?
The obvious goal being that if one of the NXs goes down, traffic will still go over the other one.
Thanks! Happy to provide more details if needed.
Hi, I think the best will be LACP: https://docs.fortinet.com...egation-and-redundancy
On the NX-OS just build a vPC and populate the LACP aggregation on each FortiGate to NX-SW1 and SW2. If you have an active-standby pair, do the same for the standby FGT.
So keep in mind you will burn 2x member ports for the connection, and both should be the same type and on the same switch fabric.
Ken Felix
PCNSE
NSE
StrongSwan
Hi Ken,
Just making sure I'm being clear: I only have one FortiGate firewall and two NX switches. I assume that changes some of your guidance a bit.
No, just build the LAG group to the two NX switches.

config system interface
    edit "bonded"
        set vdom "root"
        set type aggregate
        set alias "NX-VPC-portchannelXXX"
        set lldp-reception disable
        set lldp-transmission enable
        set snmp-index 24
        set member port1 port2
        set ip x.x.x.x/30
        set allowaccess ssh ping
    next
end

port1 goes to NX-SW1, port2 goes to NX-SW2.
Ken Felix
PCNSE
NSE
StrongSwan
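To make the recommendation concrete, here is an added example of both sides of the LAG; it is not Ken's configuration and not taken from the Fortinet docs. It shows the vPC port-channel on the two Nexus peers and the matching 802.3ad aggregate on the single FortiGate, plus the commands used to confirm the bundle is up. All names and numbers are assumptions (vpc domain already built, vPC/port-channel 20, Ethernet1/10, VLAN 100, the interface name "agg-nx", the hardware switch name "LAN" and the 172.16.0.2 address from the thread with an assumed /24 mask); the peer link and peer-keepalive are assumed to exist already, as the original post states.

```text
! ---- Nexus NX-SW1 and NX-SW2: apply the same config on both vPC peers ----
! (vpc domain, peer-keepalive and the vPC peer-link already exist per the post)
feature lacp
feature vpc

! One member port per switch toward the FortiGate; the channel-group and
! the vpc number must be identical on both peers.
interface Ethernet1/10
  description to-FortiGate
  switchport
  switchport mode access
  switchport access vlan 100        ! assumed LAN VLAN
  channel-group 20 mode active      ! LACP active so the FortiGate negotiates
  no shutdown

interface port-channel20
  description vPC-to-FortiGate
  switchport
  switchport mode access
  switchport access vlan 100
  vpc 20                            ! joins Po20 on both peers into one logical LAG

! Checks on each Nexus: vPC 20 should be "up" and the member port bundled (P).
!   show vpc brief
!   show port-channel summary

# ---- FortiGate (single unit, no HA) ----
# port1 cannot be in both the hardware switch "LAN" and the aggregate,
# so it is removed from "LAN" first (assumed virtual-switch name).
config system virtual-switch
    edit "LAN"
        config port
            delete "port1"
        end
    next
end

config system interface
    edit "agg-nx"
        set vdom "root"
        set type aggregate
        set member "port1" "port2"          # port1 -> NX-SW1, port2 -> NX-SW2
        set lacp-mode active                 # matches "mode active" on the Nexus side
        set ip 172.16.0.2 255.255.255.0      # LAN address from the thread, mask assumed
        set allowaccess ping https ssh
    next
end

# Policies written for "LAN" -> "wan1" must now name the aggregate instead;
# this rewrites policy 1 as an assumed example.
config firewall policy
    edit 1
        set srcintf "agg-nx"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

# Check on the FortiGate: both members should show as LACP "distributing";
# pull one cable and the same command should show the other member carrying the LAG.
#   diagnose netlink aggregate name agg-nx
```

Because the vPC makes the two Nexus peers look like one LACP partner, the FortiGate needs no knowledge of vPC at all; if NX1 fails, LACP simply drops port1 from the bundle and traffic continues over port2 to NX2. Make the policy change and the hardware-switch change in one maintenance window, since management via 172.16.0.2 is unreachable between removing port1 from "LAN" and the aggregate coming up.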
Apologies. So right now my main uplink is in a "hardware switch" ("LAN", 172.16.0.2) on the FortiGate, from port1 to NX1. Seems like you're saying to create a new "interface" of type 802.3ad Aggregate on the FortiGate and assign two ports to it, one to NX1 and one to NX2. Do the ports on the NXs need to be in a vPC?
Also, considering my rules are all set up for "lan > wan", I probably have to change all my rules for the new interface (aggregate)? Picture attached just in case it helps.
Appreciate the hand holding =) The goal is simply that if NX1 goes down, traffic intended to/from the internet goes over NX2, or vice versa. Thank you!!
Copyright 2024 Fortinet, Inc. All Rights Reserved.