Fortigate HA Active/Active setup
I am trying to achieve a FGT cluster in our DC. Right now we are using just one 60D, but we would like to go to a dual 60D setup. Looking for some input here.
Our DC is giving us two uplinks with VRRP/HSRP configured.
Do I need to insert two switches like in the picture? Or can I leave them out and connect one uplink to one FGT and then set up the cluster? What kind of switches would I need here? Any recommendations?
I probably need to cross the WAN2 lines so that each Fortigate has a line to both switches.
The Fortigate HA link will be 2x 1 Gbit.
I still don't completely understand the VRRP concept. I understand that this means that a DC/ISP backup router is available for us, but what exactly do I configure in the Fortigate(s) to make use of this feature?
- Labels: 5.2
Your diagram is good. You can use any switch as far as that goes, so I'm not following your question. The cookbook has various deployments for HA. You might want to review the cookbook.
PCNSE
NSE
StrongSwan
The DC uplinks are 100Mb each. I was wondering if I could use any simple/unmanaged switch there? Does not have to be something with dual PSU or Managing features?
And what about VRRP? Is that something I configure in the Fortigate as well? Or do I just point everything to gateway .225 and then if there is a problem with the DC equipment the failover will happen automatically?
Yes, managed or unmanaged (your choice), and yes, you're using the HSRP VIP address; you don't configure anything VRRP-related on your side.
PCNSE
NSE
StrongSwan
I don't expect Mark to be utilising HSRP as the FHRP as that's Cisco Proprietary.
Yes, that's a typo; I saw VRRP and mistakenly said HSRP. But his next hop will be the VRRP VIP.
PCNSE
NSE
StrongSwan