I have two Nexus 9000 switches connected via a vPC peer link. Two Catalyst stacks are also connected to both NXs via vPCs. How can I have redundant paths between the FortiGate and the NXs? Do I set up a "hardware switch" with two ports on the FortiGate, and then run one cable to NX1 and one to NX2? Do I need to vPC those?
Obvious goal being if one of the NX goes down.. traffic will still go over the other one.
No, just build the LAG group to the two NX switches.

config system interface
    edit "bonded"
        set vdom "root"
        set type aggregate
        set alias "NX-VPC-portchannelXXX"
        set lldp-reception disable
        set lldp-transmission enable
        set snmp-index 24
        set member port1 port2
        set ip x.x.x.x/30
        set allowaccess ssh ping
    next
end

port1 goes to NX-SW1, port2 goes to NX-SW2.

Ken Felix
Apologies. So right now my main uplink is in a "hardware switch" ("LAN", 172.16.0.2) on the FortiGate from port1 to NX1. Seems like you're saying create a new "interface" of type = 802.3 Aggregate on the FortiGate, assign two ports to it, one to NX1 and one to NX2. Do the ports on the NX's need to be in a vPC?
Also, considering my rules are all set up for "lan > wan" .. I probably have to change all my rules for the new interface (aggregate)? Picture attached just in case it helps.
Appreciate the hand holding =) Goal simply being if NX1 goes down, traffic intended to/from internet goes over NX2 or vice versa. Thank you!!
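To make the topology in the thread concrete, here is a matching configuration for both ends of the bundle. This is an added illustration, not code from the thread, from Ken Felix, or from Fortinet or Cisco documentation. It assumes the vPC domain between the two Nexus switches is already up, and it uses placeholders throughout: port-channel/vPC number 10, Ethernet1/10 as the downlink on each Nexus, access VLAN 100, the interface name "bonded" from the reply above, and 192.0.2.2/30 in place of x.x.x.x/30. The Nexus side is shown as a switched access port; SVI addressing and first-hop redundancy toward the FortiGate are not shown.

```text
! --- FortiGate (FortiOS CLI): one LACP aggregate, one member per Nexus ---
config system interface
    edit "bonded"
        set vdom "root"
        set type aggregate
        set member "port1" "port2"      ! port1 -> NX1, port2 -> NX2
        set lacp-mode active            ! actively negotiate LACP with the Nexus pair
        set lacp-speed fast             ! 1 s LACPDUs: a dead peer is detected in ~3 s
        set ip 192.0.2.2 255.255.255.252   ! placeholder for x.x.x.x/30
        set allowaccess ping
    next
end

! --- Nexus 9000 (NX-OS), identical on NX1 and NX2 ---
feature lacp
feature vpc

! The port-channel carries the "vpc 10" statement: both switches then present
! the same LACP system ID, so the FortiGate sees a single partner and bundles
! both links. Without it each switch negotiates separately and only one
! member ever comes up, leaving the "redundant" link unused.
interface port-channel10
  description FortiGate bonded (vPC member)
  switchport
  switchport mode access
  switchport access vlan 100        ! placeholder VLAN
  vpc 10

! Physical downlink to the FortiGate (port1 on NX1, port2 on NX2)
interface Ethernet1/10
  description FortiGate bonded member
  switchport
  switchport mode access
  switchport access vlan 100
  channel-group 10 mode active      ! LACP active on this side too
  no shutdown
```

After applying it, confirm that both members actually joined: on the FortiGate, `diagnose netlink aggregate name bonded` lists each member with its LACP state; on either Nexus, `show port-channel summary` should show Po10 with the member in the `(P)` bundled state and `show vpc` should show vPC 10 as up with no consistency-check failures. A member stuck in the individual or suspended state is the symptom of the missing `vpc` statement, a mismatched VLAN, or a mismatched LACP mode, and is the check worth running before pulling a cable to test the failover the original question is after.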