Dear All,
I have an HA cluster working in active-passive mode. Both FortiGate firewalls are connected to one core switch. I just received another core switch and would like to implement VRRP on both core switches and still work in Forti active-passive HA.
What are the options I have in this topology?
For example:
If I connect FW 1 to Core 1 and FW 2 to Core 2,
and Core 1 and 2 are connected,
how will the traffic pass if FW 1 is active and Core 1 is down?
Thanks,
Sincerely,
Hossam El-Din Roshdy
Hello Hossam3085,
FGT, when working in HA-AP mode, only has one device passing traffic at a given time. So you can consider the HA cluster as one device.
VRRP, once configured, will have one single Virtual IP that can be used as the gateway IP.
You will need to use two interfaces on each firewall, and then put those two interfaces as members of a LAG interface. Each of the two interfaces from both firewalls should be connected to each of the core switches.
Then you can configure a static route pointing towards the VRRP Virtual IP through the LAG interface.
I hope this helps.
Thank you!
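The layout described in the reply above, sketched as FortiOS CLI. This is an added example, not part of the original thread; the interface names, the aggregate name and every address are constructed placeholders, and the `#` lines are annotations for the reader. It assumes the two core switches can terminate one aggregate between them (stacking or multi-chassis LAG) and that the VRRP virtual IP on the cores is 192.0.2.1.

```fortios
# Constructed example: applied on the HA primary, the cluster syncs it to the secondary.
# Cabling assumed on EACH firewall: port1 -> Core 1, port2 -> Core 2.
config system interface
    edit "lag-core"
        set vdom "root"
        set type aggregate
        # Both physical links become members of one LACP aggregate.
        set member "port1" "port2"
        set lacp-mode active
        # Firewall address on the transit subnet shared with the cores (placeholder).
        set ip 192.0.2.2 255.255.255.0
        set allowaccess ping
    next
end

config router static
    edit 1
        # Internal network reached through the core switches (placeholder prefix).
        set dst 198.51.100.0 255.255.255.0
        # Next hop is the VRRP virtual IP, not the address of either core switch,
        # so the route stays valid whichever core currently holds the VRRP master role.
        set gateway 192.0.2.1
        set device "lag-core"
    next
end
```

With this cabling the active firewall keeps a link to the surviving core when Core 1 goes down, and the route to the virtual IP does not change.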