Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
DannyV
New Contributor

Created on ‎10-02-2024 08:24 AM

Fortigate 50G-SFP, Dual WAN

Hi, 

The Fortigate 50G-SFP documentation does not specify whether the SFP port can function as a secondary WAN. Does anyone have information about this?

 

Thanks!

Labels:
629
0 Kudos
1 Solution
johnathan
Staff
Staff
In response to DannyV

Created on ‎10-02-2024 10:50 AM Edited on ‎10-02-2024 10:51 AM

The only real difference between interfaces, apart from the label, is how the ports are hooked up to the NPU.
For example, on larger units the HA or MGMT ports are not NPU accelerated. You probably shouldn't use these for heavy traffic, but you can do it if you want.
Generally, all SFP and general ports are always NPU accelerated.

You can refer to the fastpath document to confirm this for each model.
See this for the 50G: https://docs.fortinet.com/document/fortigate/7.0.12/hardware-acceleration/201529/fortigate-50g-and-5...
For this model, all ports are NPU accelerated and there will not be any difference when configuring one of those ports as a second WAN link. 

"Never trust a computer you can't throw out a window."

View solution in original post

582
6 REPLIES 6
johnathan
Staff
Staff

Created on ‎10-02-2024 09:32 AM

You can use whatever port you want for the WAN, FortiOS does not place any restrictions for this. 

"Never trust a computer you can't throw out a window."
605
0 Kudos
DannyV
New Contributor
In response to johnathan

Created on ‎10-02-2024 09:56 AM Edited on ‎10-02-2024 10:10 AM

Thanks for the response.  I noticed that many Fortigate models, like the 50G-SFP-PoE model includes two WAN ports.  What's the difference between this and, for example, a SFP port as a secondary WAN? Any limitations?  Can be used in a SD-WAN?

593
0 Kudos
johnathan
Staff
Staff
In response to DannyV

Created on ‎10-02-2024 10:50 AM Edited on ‎10-02-2024 10:51 AM

The only real difference between interfaces, apart from the label, is how the ports are hooked up to the NPU.
For example, on larger units the HA or MGMT ports are not NPU accelerated. You probably shouldn't use these for heavy traffic, but you can do it if you want.
Generally, all SFP and general ports are always NPU accelerated.

You can refer to the fastpath document to confirm this for each model.
See this for the 50G: https://docs.fortinet.com/document/fortigate/7.0.12/hardware-acceleration/201529/fortigate-50g-and-5...
For this model, all ports are NPU accelerated and there will not be any difference when configuring one of those ports as a second WAN link. 

"Never trust a computer you can't throw out a window."
583
DannyV
New Contributor
In response to johnathan

Created on ‎10-02-2024 11:32 AM Edited on ‎10-02-2024 11:51 AM

I thought I needed the SFP because the Fortigate 50G only has one WAN port. It's good to know that I don’t need the SFP since I can just convert one of the LAN ports into a second WAN.

 

Given your previous explanation, why does Fortinet identify only the PoE version as dual WAN, when other models in the same 50G series can also be configured for dual WAN? In the screenshot I attached you can see they identify some models with one hardware accelerated WAN ports and other models with two.  I think they do the same with the 30G and 40F.  Any reason for this?

Fortigate 50G Specs Comparison.png

570
0 Kudos
johnathan
Staff
Staff
In response to DannyV

Created on ‎10-02-2024 12:05 PM

I had a look at the schematic for the 50G-SFP vs the 50G-SFP-POE, it looks like for the POE version the RJ45 WAN port is not in the same physical switch as the rest of the RJ45 ports. I think the only tangible difference to the end user would be that you cannot add all 4 RJ45 ports into a hardware switch, whereas the non-POE would be fine with you doing this. 

"Never trust a computer you can't throw out a window."
526
0 Kudos
DannyV
New Contributor
In response to johnathan

Created on ‎10-02-2024 12:12 PM

That makes sense. 

 

Thanks!...

522
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.