Hi all,
Am hoping you can help with an issue I can't seem to get my head around!
We have a site that has two WAN lines - one is a Starlink (DHCP) and the other a leased line (PPoE). We have the Starlink line going into one 40F, and the leased going into the other, with a patch running between the two on LAN3. I've set HA up for the the leased line 40F to be the primary, which is absolutely fine. However, when I sync the firewalls the PPoE WAN settings from the primary overwrite those on the secondary, meaning that when the primary 'fails' the secondary does not provide internet access.
Is there something really obvious I'm missing here, or will this setup not work?
Simon
Regardless active-passive or active-active, most of config on both units has to be identical, or the secondary syncs with the primary config. You can not have different config on wan interface between two units.
What you need to do is to have a vlan switch terminating both Starlink and leased line (MPLS?), then span those two connections to both units, I recommend wan and 'a' if you're not using fortilink. You have to remove fortilink related config though.
Toshi
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2678 | |
| 1412 | |
| 810 | |
| 703 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.