PicoloSan
Visitor

Issue with FortiGate HA/FortiSwitch HA configuration

Hello

 

For a few days I have been at a company where they built the network on FortiGate devices. Before, I worked only with MikroTik solutions, so I need to understand a little bit of the "FortiOS idea". So it is a good time, because since Saturday we have noticed a strange situation.

 

In this company they have two locations; from one to the second is some 25 kilometers, and they have a direct fiber connection between them. This fiber cable is connected to the FortiSwitch on site A port 51, and on site B port 52.

On both FortiSwitches the ISP is connected to port1, also with SD-WAN configuration.

Site A, Fortiswitch Port1 IPS X1 (vlan_X1 -> Fortilink)

Site B, Fortiswitch Port1 IPS X2 (vlan_X2 -> Fortilink)

 

On the FortiGate devices the DMZ port is used for HB, so on both FortiGates the DMZ port is connected to port 20 on both FortiSwitches. HA type is A-P, also SD-WAN.

 

 

General.png

This is a small picture of how this looks with the physical connections, and the issue we have.

 

On Saturday the fiber between Site and Site was broken. SD-WAN showed on both FortiGates that the "Second" link is unreachable, but there was no internet connection from hosts.

 

After the fiber connection came back up, I did some tests, and it looks like this:

1. When WAN1 is disconnected everything works, Hosts have internet service on both Sites with WAN2.

2. When WAN2 is disconnected everything works, Hosts have internet service on both Sites with WAN1.

3. When Fiber is disconnected, no internet connection on both Sites.

 

From the info I have, this worked... in the last year. No one knows what configuration was OK, but I know updates were done many times, and some changes in the cfg were done also. But never tested...

 

I read the Fortinet documentation and checked a few network topologies, and none of them describes the situation here, where the WANs are connected to the FortiSwitch; almost everywhere the WAN is connected to FortiGate ports (but I don't think this is the issue).

Also, almost everywhere in the docs where I can see two Sites, there is info about MCLAG on FortiSwitch; here in the cfg I don't see this.

Is there someone on this forum who can share their experience with this solution, or give me a link where I can find some info in the documentation on how to configure HA and FortiLink/SwitchController to resolve the issue?

 

Regards

 

adambomb1219
SuperUser

Not enough information here really.  What "fiber" is disconnected?  The link between the two firewalls?

PicoloSan

As in the picture, there is only one Fiber connection: this is the 25-kilometer link between the two locations, connected Site A FortiSwitch Port 51 - Site B FortiSwitch Port 52.

 

Between the two Firewalls (FortiGate) no connection exists (I mean direct); everything like SD-WAN, HA, the physical connection from the ISP (WAN) etc. is connected to ports on the FortiSwitch. From the Firewall (FortiGate) only ports A&B are connected to the FortiSwitch, nothing else.

 

PicoloSan
Visitor

To clarify more, the topology looks like this section:

HA-mode FortiGate units in different sites

In the document Deploying MCLAG topologies | FortiSwitch 7.4.2 | Fortinet Document Library

But only with one FortiSwitch on every site, and the WAN not connected directly to the FortiGate (Firewall) but to the FortiSwitch.
