Hi, guys,
I am new to Fortinet products.
We have two sites. I just installed a FortiGate 400e HA pair at each site, with multiple WAN links at each site: SiteA has two internet lines for web surfing and two IPLC lines connecting to SiteB (which also has two internet lines).
I would like to get recommendations from your experts on how to design/configure the 400e HA pair at each site:
1. Internet lines for web surfing at each site
2. IPLC lines for communication between the two sites (with private IP subnets)
Many thx in advance.
Hi,
I'm not too sure what exactly you are after here - so I'll take a stab at connectivity.
I'm going to assume you have a pair of core Fortiswitches running in MCLAG for this.
The key with HA is to ensure that you maintain connectivity in the event of an HA primary change over, so the incoming links need to go through VLANs on the core switches before connecting to the HA pair. The links from the switches can be physical cables to the WAN ports on the Fortigates, but I usually use VLANs on the FortiLink interface.
Then you should add the interfaces to SDWAN and set up PLA and SDWAN Rules to handle traffic.
For a dual WAN setup I would normally connect it up similar to this diagram (just add more for IPLC links) -
If you haven't seen it, this cookbook article is a good starting point for HA setup - https://cookbook.fortinet.com/high-availability-two-fortigates/index.html
Hi, PerthNSE,
Many thanks for your reply and information. I set up the HA structure and SD-WAN zones for the internet and IPLC lines, as attached.
But strangely, I cannot configure a static route to an individual SD-WAN zone separately, only to this object "SD-WAN".
=====
config system sdwan
    set status enable
    config zone
        edit "virtual-wan-link"
        next
        edit "Access_to_Internet"
        next
        edit "LL_link-to-16HK"
        next
    end
    config members
.....
.....
config router static
    edit 1
        set distance 1
        set sdwan enable
    next
    edit 2
        set dst 10.16.7.0 255.255.255.0
        set gateway 10.10.32.22
        set device "port7"
    next
===========
Is there anything I need to modify in the "config router static"? Please advise.