Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Created on ‎01-26-2006 02:49 AM

Mac problem in HA configuration

I Have two FortiGate' s 60 with all interfaces connected to the same cisco swicht. It works fine in standalone mode but, when I start the ha cluster I have some problems because of the virtual mac of the cluster. All of the interfaces get the same mac and it create a conflict with swicht mac address table. I tried to make a static mac address but it didn' t work. Have someone had the same or a similar problem? Thank.
1212
0 Kudos
6 REPLIES 6
Not applicable

Created on ‎01-26-2006 08:49 AM

havent had similar problem, but try to connect the heartbeat devices of the two fgt60' s with a cross cable. this will work better.
781
0 Kudos
Not applicable

Created on ‎01-26-2006 11:27 AM

You need to have the heart beats on a switch or a hub. Crossover is disadvised. The reason is that if one of th FGT units dies, the other will lose link and become confused. You may lose everything. In a pinch, you could use a hub/switch for your primary heartbeat network and a crossover for the secondary, but I wouldn' t go just crossover. I did a redundant switch setup in November. It was pretty difficult. I don' t have the configs handy, but they were Cisco 2950 series switches. I had a separate switch for each heartbeat network. There were other architecture issues and guidelines because dictating more than just a pair of Fortigate 200A' s. Hope this helps. -Jim
781
0 Kudos
Not applicable

Created on ‎01-26-2006 09:51 PM

[Deleted by Admins]
781
0 Kudos
Phil_Smith
New Contributor
In response to

Created on ‎03-06-2006 07:20 AM

...I' m currently in A-P mode.
So if the units are running in A-P mode, rather than A-A, do they do something different with the virtual MACs? I' m trying to get an HA pair installed in different buildings where the amount of fibre between them is limited - the fewer links I can use the better. Because of the shared virtual MAC, I' m already looking at one extra fibre for the outside, one for the heartbeat, one for the DMZ and an existing one for the inside. If I can use VLANs for the outside, DMZ and heartbeat interfaces and pop them all in one switch, then I' ve reduced the number of fibre pairs required from 3 to 1 - much better!
781
0 Kudos
Not applicable

Created on ‎01-27-2006 01:42 AM

As ldwltsysadmins says: " more than just a pair of Fortigate 200A' s" This could be a reason to make the choice using a switch for the heartbeats device. Otherwise for two units a crossover cable is enough. Be sure you will use two heartbeat devices each unit. This will eliminate the single point of failure of only one cable.
781
0 Kudos
Not applicable

Created on ‎03-07-2006 09:56 PM

[Deleted by Admins]
781
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.