We have two firewalls connected to 2 different ISPs. We are looking for DHCP to be configured on both; however, we are really interested to know how DHCP failover would work, e.g. if the Firewall 1 WAN connection is down, only then should clients be able to get a DHCP lease from Firewall 2.
Please can someone suggest.
Can you share some more details on the connectivity/design?
Are these 2 firewalls in a cluster (FGCP/FGSP)?
Are the DHCP clients connected to the same LAN?
How are the clients connected to these 2 fortigates?
@srajeswaran these two firewalls are not in an HA cluster and are working independently at the moment. However, I am looking for some suggestions as to whether to set up HA active-passive and fail over this way.
Solution looks like
ISP1 -> WAN1 - Fortigate1- Switch A-- Switch B -- Switch C-- clients connect via wired and APs
ISP1 -> WAN2 - Fortigate2- Switch A --Switch B -- Switch C-- clients connect via wired and APs
If both firewalls are not in HA cluster, I don't think failover's gonna work. I would suggest configuring them as an HA cluster.
Regards,
You may explore the VRRP option. Enable VRRP between FGT1 and FGT2, and use the VRRP IP as the gateway on LAN/DHCP clients. VRRP failover can be configured based on the ISP link state.
Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-VRRP-Active-failover-with-link-monitor/ta-...