Limiting the HA interfaces bandwidth
Hello, I should deploy 2 x Fortigate 3000D in HA located in one site each, so that the HA links cannot be direct crossover cables, but regular ethernet cables connected to a LAN infrastructure interconnecting both sites at L2.
All my FG 3000D interfaces are 10-gigabit, so that I should use 2x 10-Gigabit interfaces for the HA connection between both, resulting in a theoretical 20Gbps connection.
My problem is that I’ve been policed with up to 2 Gbps in this LAN as per bandwidth constraints of the links between both sites.
So my question is whether I can police the HA bandwidth consumption in the Fortigate by any means (I have not found any feature to do it), or the best thing I could do is to replace two 10-gigabit SFP+ transceivers by 1-Gigabit SFP’s for HA?
hi,
I don't think there is any means to traffic shape the HA links. Besides, HA traffic uses a non-standard ethertype - you should check that the equipment in-between can handle that. Cisco Nexus can't - they use the same ethertype internally and this will collide. The ethertype can be changed on the FGT side (CLI).
Your best bet would be to use 1 G SFP. Datasheet says they are supported. You will probably use the LX type.
Back in the day I had two 1000As in HA mode with a single 1Gb connection. The traffic over that link was inconsequential, even during peak traffic times. 10 Gb is WAY overkill for those links, in my opinion.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Thank you for your inputs.
I think I'll try to replace two 10-G transceivers SFP+ at each Fortigate unit by 1-G copper SFP's. I'll also try to find if my network can cope with the Fortigate ethertypes.
You can find the ethertypes in your config:
config system ha
show full