This is my first firewall setup and my first post here, so forgive me if this post is a little hard to follow.
Here is my setup:
2 FortiGate 500Ds in an HA Active\Passive
2 ISPs
each connected to a switch (ISP1 --> Sw1, ISP2 --> SW2) by a single interface, with the switches connected via crossover
The switches are not stacked
SD-WAN
2 redundant connections: WAN1 (port1, port2), WAN2 (port3, port4)
My question:
Can I connect each individual port of the redundant interface to a separate switch?
Port1 --> Sw1 (port1), Port2 --> SW2 (port1)
or
do I have to create aggregate ports on the switches and connect both ports of the redundant interface to the aggregate ports on a single switch?
WAN1\Port1 --> Sw1\port1
WAN1\Port2 --> SW1\port2
Thank you
So judging by this diagram, you cannot split the ports that make up the redundant interface to go to separate switches. Is that correct?
Let me reword my question. Can I connect each port of the redundant interfaces to different switches if the switches are not stacked and the switch ports are not aggregated (LACP)?
Yes this is possible. You will need to trunk the switches and create 2 VLANs (1 for each ISP subnet). Create 3 ports for each VLAN. For example, if VLAN10 is defined for ISP 1 and VLAN20 for ISP 2, you can do something like:
ISP 1 --> Sw1 port 1 (VLAN10)
ISP 2 --> Sw2 port 1 (VLAN20)
FW Primary WAN1 --> Sw1 port 2 (VLAN10)
FW Primary WAN2 --> Sw1 port 3 (VLAN20)
FW Secondary WAN1 --> Sw2 port 2 (VLAN10)
FW Secondary WAN2 --> Sw2 port 3 (VLAN20)
Make sure your trunk allows both VLANs.
HTH
d
Is there a way to do this without VLANs?
You don't need VLANs if each switch is dedicated to the ISP connected.
Primary Firewall WAN1 --> Switch1
Primary Firewall WAN2 --> Switch2
Secondary Firewall WAN1 --> Switch1
Secondary Firewall WAN2 --> Switch2
HTH
d
Copyright 2024 Fortinet, Inc. All Rights Reserved.