Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
segurinf
New Contributor

Created on ‎02-28-2025 10:20 AM

Redundant Datacenter Setup

Hello everyone!

As part of our network infrastructure, we currently have a HEADQUARTER "A," which houses a datacenter with servers and services accessed from all our LANs (both in branch offices and headquarters).

We are considering establishing a second HEADQUARTER ("B"), which will contain a mirrored datacenter to that of HQ "A."

Considerations:
Both HQs have Fortigate edge firewalls:

HQ "A": Fortigate 600E
HQ "B": Fortigate 900G
Both HQs and BOs are connected to a common MPLS service and have internet access through one or more ISPs.

There is a dedicated fiber optic connection currently in use between HQ "A" and HQ "B."

The objective is to ensure that, if the datacenter at HQ "A" becomes unavailable due to a technical issue (e.g., failure of HQ "A"'s firewall), the rest of the LANs can continue consuming services through HQ "B" until HQ "A"’s firewall is restored and resumes its primary role.

Therefore, we would like to ask for your guidance on which Fortigate features and functions we can utilize to implement the technical requirements described above.

I am attaching a network diagram for a better understanding of the current infrastructure.

Best regards.MPLS.png

Labels:
243
0 Kudos
2 REPLIES 2
funkylicious
SuperUser
SuperUser

Created on ‎02-28-2025 10:27 AM Edited on ‎02-28-2025 10:28 AM

at first glance, i would say VRRP for HQ LANs and BGP between HQ A/B and branches, where HQ A is the main ( also at VRRP level is the MASTER for the LANs at GW ) and HQ B is the backup for traffic from the branches.

"jack of all trades, master of none"
"jack of all trades, master of none"
240
AEK
SuperUser
SuperUser

Created on ‎02-28-2025 11:16 AM

Hello @segurinf 

I think @funkylicious said "at first glance" because this is purely a matter of network (nothing to do with FortiGate) and it depends on many factors that are specific to your network and requires a deeper study.

So I think the best thing to do here (I guess this is a critical installation) is to leave the network architecture to a network architect so he takes the responsibility to make the optimal design for this case.

AEK
AEK
221
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.