Hello Expert,
I have a design question regarding our current network setup, and I’m hoping you can help clarify a few points. While this design may seem a bit unconventional, we are limited to using the switches already implemented in our design. I would like to know if what I’m proposing is feasible, and if so, how we can achieve it.
Site 1:
Site 2 (DMZ):
Site 3 (LAN):
I have attached a design diagram for your reference to help illustrate my question.
Ideally those two switches at each site are stacked, or just one switch, so that you don't have to use link-monitor to detect an HA status change on the other site. But I assume it's not possible.
- Site 3's FGTs need to have the same link-monitor to detect changes at Site 2.
- Secondary/backup FGT doesn't process/pass L3 packets other than "dedicated-to management" interfaces.
Toshi
In other words, with your current setup, each site or each HA cluster can't change a-p roles independently. When one of them changes, the other has to change at the same time.
This means you have to set up the link monitor at the Site1 cluster for when Site2 swaps, and Site2 needs to detect Site3's change as well.
Not an efficient design.
Toshi
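An added illustration (not from the thread, and not Fortinet's own configuration) of the mechanism Toshi describes: on the Site 3 cluster, a link-monitor that pings a Site 2 address, tied into HA so that when the monitor fails the primary lowers its HA priority and the secondary takes over. The interface name "port1" and the 192.0.2.1 address are assumed placeholders.

```fortios
# Assumed: port1 is Site 3's uplink towards Site 2, and 192.0.2.1 is a
# placeholder address at Site 2 that is only reachable while the
# Site 2 primary is forwarding traffic.
config system link-monitor
    edit "mon-site2-uplink"
        set srcintf "port1"
        set server "192.0.2.1"
        set protocol ping
        set failtime 5
        set recoverytime 5
        # weight this monitor carries towards the HA failover threshold
        set ha-priority 1
        set update-static-route enable
    next
end

# Tie the monitor to HA: when the summed ha-priority of failed monitors
# on port1 reaches the threshold, the cluster fails over. The same
# configuration is needed on both members of the Site 3 cluster.
config system ha
    set pingserver-monitor-interface "port1"
    set pingserver-failover-threshold 1
    # named pingserver-secondary-force-reset in newer FortiOS releases
    set pingserver-slave-force-reset enable
    set pingserver-flip-timeout 60
end
```

Check the result with "diagnose sys link-monitor status" and "get system ha status"; a monitor in "dead" state should be reflected in the HA priority of the member that lost reachability.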
Thanks Toshi for your reply,
I would like to mention that those switches cannot be stacked and they are layer 3 switches.
To clarify, with this design, I need to set up the link monitoring on Site 2 for both Site 1 and Site 3, as well as on Site 3 for Site 2, correct?
Additionally, let's take another scenario: if I configure the interfaces on Site 3 that connect to Site 2 as routed ports and set up a trunk port between the primary and secondary switches at Site 2, would I still need to configure link monitoring on Site 3? In this scenario, if Site 1 goes down, the backup device at Site 2 would route traffic to Site 3 via the trunk port. What are your thoughts on this approach?
Is there any other way I could achieve this that would be better?