Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
muhammadsaad
Contributor

Created on ‎05-29-2025 11:25 AM

Fortigate Firewall with FortiSwtich along with High availability of both

Hello Team,

We have deployed the FortiGate Firewall-201G in HA (Active-Passive) mode. Due to port limitations, we have connected a FortiSwitch (model 148F) to each firewall. These switches are managed through the firewalls.

Currently, we are facing an issue: only the FortiSwitch connected to the primary firewall is coming online. However, we want both switches (connected to the primary and secondary firewalls) to stay online.

Additionally, while the firewalls are in HA mode and have failover configured, the switches do not have any failover setup. This means if one switch goes down, traffic cannot switch over to the secondary switch, which creates a single point of failure.

We have tried using crossover connections and the FortiLink split interface feature, but were not successful. We also noticed that the MC-LAG option is not available on the FortiSwitch 148F.

Could you please advise on the best way to configure failover for both FortiSwitches connected to the primary and secondary firewalls?

Thank you for your support.

Labels:
711
0 Kudos
2 Solutions
sjoshi
Staff
Staff
In response to muhammadsaad

Created on ‎05-29-2025 10:45 PM

You need to setup a cross connection between FGT and FSW

There are multiple topology diagram you can refer once

https://docs.fortinet.com/document/fortiswitch/7.6.1/fortilink-guide/617516/determining-the-network-...

If you have found a solution, please like and accept it to make it easily accessible to others.
Fortinet Certified Expert (FCX) | #NSE8-003459
Salon Raj Joshi

View solution in original post

629
Demir25
New Contributor III

Created on ‎06-01-2025 10:53 AM

Hi, make a cross connection, connect also FortiSwitches with each other and enable split interface.

View solution in original post

550
0 Kudos
6 REPLIES 6
Demir25
New Contributor III

Created on ‎05-29-2025 02:04 PM

Hi Muhammad, 

do you have a network topology for a better view of it? Are you using an aggregate interface on Fortigate for the switch connectivity? Are Switches connected with each other? For the Switch failover you can setup Monitor interfaces on the Fortigate Firewall on HA configurations. If one of the monitored interfaces connected to the Switch goes down this means the Fortigate will failover so the secondary Fortigate will handle the traffic.

679
muhammadsaad
Contributor

Created on ‎05-29-2025 06:10 PM

Hi,

Thanks for your reply. Please find below the network topology.

topology.png

- We are using fortlink interface option in the firewall for the switch connectivities and assign both the ports on one aggregate.

- Switches are not connected with each other so far.

- Right now due to interfaces issue on the fortigate firewall we don't have any interface for the setup monitor interfaces on the fortigate firewall.

 

Please guide and share your input, what will be the workout for this as we want to establish a connectivity that just like firewall, switches have auto failover option as well. Please let us know what configurations and connectivity's we further need to do for this to work.

Thanks

652
0 Kudos
sjoshi
Staff
Staff
In response to muhammadsaad

Created on ‎05-29-2025 10:45 PM

You need to setup a cross connection between FGT and FSW

There are multiple topology diagram you can refer once

https://docs.fortinet.com/document/fortiswitch/7.6.1/fortilink-guide/617516/determining-the-network-...

If you have found a solution, please like and accept it to make it easily accessible to others.
Fortinet Certified Expert (FCX) | #NSE8-003459
Salon Raj Joshi
630
muhammadsaad
Contributor

Created on ‎05-30-2025 02:02 AM

Alright, so i just to make a cross connection and enable the forti-link split interface.

By doing this, both fortiswitches will show online with redundancy?
Please confirm

Thanks for the support

611
0 Kudos
Demir25
New Contributor III

Created on ‎06-01-2025 10:53 AM

Hi, make a cross connection, connect also FortiSwitches with each other and enable split interface.

551
0 Kudos
muhammadsaad
Contributor

Created on ‎06-03-2025 05:21 AM

Alright, thanks for the help
Much appreciated.

489
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.