Hello,
we have 2 Fortinet 100d, our plan is now to make a transparent failover via ha.
The Situation is: we get a second isp, backup isp. this backup isp should only come into use when primary isp fails.
plan is to make all components overcross, 2 router (1 isp primary, 2 isp backup) go to 2 switches go to 2 firewalls with ha
Step 1: HA Mode (what is the right one) test-enviroment
Step 2: Switch Stacking and testing HA Failover, (Test Monitoring Port) test-enviroment
Step 4:Change 200A with 100D (cfg files from 200a migration to 100d works already) going to prodoction
Step 3:Configure 2 ISPs on the 100d produktion-enviroment
Step 4: an external provider who managed the two public ip`s with the protokolls like ipsec, smtp etc.
Step 1:
Previously testet in Testenviroment:
Il tried it with the new frup funktion, but this is not the right way for us, ill think. the 2 firewalls is in ha and each is standalone.
there not so much experiences on the function on the web. This option killed...
i talk to our reseller and he says the best way is active-passiv. Ok, ill do it, it looks like it works.
So...
setup ha on both 100d, on the slave i must delete the lan1 config und the factory policy, from then it was possible to turn the interface mode to switch mode
now the 2 units make sync
ha1 und ha2 connected to each unit
for test i plugged port 16 on each to an switch
mgmt port on i configured as an monitoring port on both, these goes to the switch too
failover test unit1 master: i plugged off port 16, ping fails, i plugged out mgmt--> ping ok
the failover seems to work
My first Question to you is now: Is this the right way for us?
have you any tips for me?
This is my first Firewall configuration (and this is really not so easy in this scenario), so i am sorry for errors or patchy background.
And my English is not so good to...:-)
Regards
Xris76
Hi,
HA - 2 unit must be the same model and firmware,
If you do link backup or link loadbalance, FG200D firmware upgrade to V5.2.2, using the new function: wan load balance .
mac
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.