HA Issues

dkonate · ‎10-28-2024

Hello Everyone,

we have a problem with the configuration of our HA, the HA is well configured and synchronized but the problem is that the master works well, but as soon as there is a problem on the master and we switch to the slave there is no traffic passing through the slave and we lose all access to the internet until the master is restored.

a lacp conf has been set up (the master and the slave belong to the same LACP aggregate on the switch side).

Initially, when I plugged the ports, they were all UP, but the slave ports went down later after a LACP negotiation I guess.

https://docs.fortinet.com/document/fortigate/6.4.15/administration-guide/666376

AEK · ‎10-28-2024

Hello

I think it has something to do with the fact that HA gives the same MAC address to active and passive nodes.

Can you try create on your HPE stack two LACP groups (one for each FG) instead of a unique group?

AEK

dkonate · ‎10-28-2024

Hello,

Thank you for your response.

How can we verify that HA gives the same MAC address to active and passive nodes ?

Yes indeed we thought about creating two LACP groups on your HPE stack (one for each FG) instead of a single group, we will set up this configuration to see if it works.

AEK · ‎10-28-2024

Hello

In HA, each interface is given a virtual MAC address that is owned by the active node. The MAC will migrate to the second node on fail-over.

There is a Please check this document.

https://docs.fortinet.com/document/fortigate/7.2.9/administration-guide/564710

AEK

Toshi_Esumi · ‎10-28-2024

I would make those four links at the stacked HPE switches 2 LAG/LACP links to simplify. It would be much simpler and reliable.
LACP1: "master" FGT
LACP2: "slave" FGT

Toshi

HA Issues

Nominate a Forum Post for Knowledge Article Creation