pemasirid
New Contributor

Fortigate HA with Dual Home L3 Switches

Hi,

I'm trying to configure two FG 201G in HA with dual-homed FS424 switches (mesh connectivity). I added each core switch port to FW1 and FW2 to the fortilink interface.

I was reading some Fortinet documentation saying that each firewall's connections to SW1 and SW2 have to be on a separate LACP group. But I do not see any option to configure an LACP group when we add those ports to the "fortilink" interface. See my topology below.

[Screenshot_613.png: topology diagram]

The link below shows such a design option (see only the core portion), but does not have any configuration details on how to configure two LACP groups on the firewall side.

If anyone has configured/implemented the above scenario, please advise me on what exact configuration we need for the ports connecting from Core1 and Core2 to FW1 and FW2 to make this work smoothly.
Thank you in advance.

Jean-Philippe_P
Moderator

Hello pemasirid,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello,

We are still looking for an answer to your question.

We will come back to you ASAP.

Thanks,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello again pemasirid,

I found this solution. Can you tell me if it helps, please?

To configure a dual-homed FortiGate HA setup with FortiSwitches using LACP, follow these steps:

  1. Configure FortiLink Interface: Ensure that the FortiLink interface is configured on both FortiGate units. This interface will manage the FortiSwitches.

  2. Configure LACP on FortiSwitches: On each FortiSwitch, configure LACP groups for the ports connecting to the FortiGate units. This is done using the `config switch trunk` command in the FortiSwitch CLI.

  3. Separate LACP Groups: Each connection from the FortiGate to the FortiSwitch should be in a separate LACP group. This means you will have two LACP groups per FortiSwitch, one for each FortiGate.

  4. FortiGate Configuration: On the FortiGate, ensure that the FortiLink interface is set to use LACP. This can be done by setting the `set lacp-mode` to `active` or `passive` under the FortiLink interface configuration.

  5. Verify Configuration:
    - Use the `get system ha status` command on the FortiGate to verify HA status.
    - Use the `execute switch-controller get-conn-status` command to check the FortiLink state.

  6. Testing: Test failover scenarios to ensure that the HA and LACP configurations are working as expected.

If you need specific command examples or further assistance, please provide more details about your current configuration.

Jean-Philippe - Fortinet Community Team
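
Steps 2 to 5 of the reply above written out as CLI, as an added example that is not from the thread or from Fortinet documentation. The trunk names and port numbers are placeholders for the real cabling, and the `#` lines are annotations rather than commands.

```fortios
# --- FortiSwitch CLI, run on SW1 and again on SW2 (steps 2 and 3) ---
# Assumed cabling: port1 goes to FW1, port2 goes to FW2.
# One LACP trunk per FortiGate, so the two firewalls never share a group.
config switch trunk
    edit "to-FW1"
        set mode lacp-active
        set members "port1"
    next
    edit "to-FW2"
        set mode lacp-active
        set members "port2"
    next
end

# --- FortiGate CLI, run on the HA primary (step 4) ---
# HA synchronises the configuration to the secondary, so FW1 and FW2
# must be cabled on the same port numbers.
# Assumed cabling: port9 goes to SW1, port10 goes to SW2.
config system interface
    edit "fortilink"
        set member "port9" "port10"
        set lacp-mode active
    next
end

# --- Verification on the FortiGate (step 5) ---
get system ha status
execute switch-controller get-conn-status
```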