I have a FortiGate 2201E and want to set up an active-active multi-home setup with 2 x ISP for web/app hosting on servers in the datacenter.
I have 10G from each ISP and would like a truly redundant HA setup that is active-active, not primary-failover.
I use Cloudflare as firewall/proxy/DNS in front of the FortiGate, for reference, and wanted to check what the best route for this setup is.
I know most people go for primary/failover as mentioned in this guide https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-SD-WAN-with-Primary-ISP-a... by @lcamilo, but what I want is an active-active setup.
Is this a common setup, especially when not putting a router in front of the FortiGate and instead connecting directly to the ISPs from the FortiGate?
What I have heard so far is to use the SD-WAN feature and get IPv4/IPv6 blocks from each ISP. I will be getting a /24 IPv4 and a /48 IPv6 from each ISP. And then connect each ISP to an interface and set up dedicated virtual servers, virtual IPs etc. for each ISP, and then set up load balancing on Cloudflare.
Is this the proper setup without setting up routing table BGP on the FortiGate?
I also have my own ARIN /24 IPv4 and /48 IPv6 blocks, just in case there is a better setup that may require that.
So looking forward to the expert engineers helping to guide me in the best way to approach this.
One benefit of active-active with 2 x ISP, each with a 10G DIA uplink, is that I then get 20G.
Created on 10-07-2025 07:49 AM Edited on 10-07-2025 07:50 AM
Your responses are a bit confusing, from repeatedly mentioning 2 FortiGates to saying I should run BGP, to then saying the internet routing table will be too large after mentioning FortiGates are not meant for that, and now mentioning SD-WAN without providing the specific help requested in the post.
Appreciate your responses, but maybe we can get responses from others that can help guide on the proper setup to go for. Here for guidance, not just random responses on things I cannot trust to follow.
I apologize and shut up.
Your subject line said "...active-active multi-home...", that's why I made a wrong (for you) assumption.
Toshi
Kindly share a topology diagram illustrating your setup to help us better understand your requirement.
My post is asking for the setup to go for, so this is pre-topology diagram.
This is a discussion to start the topology diagram.