Hello! I'm working on an exciting network improvement project to implement High Availability (HA) in my environment by adding a second Fortigate appliance.
Currently, I have a single Fortigate 80F that's efficiently managing two WAN interfaces through SD-WAN. This setup allows me to create custom rules for routing specific devices through different WANs and provides automatic failover if either ISP experiences downtime.
I would need to enhance this setup by implementing a second Fortigate appliance to ensure network continuity even if one Fortigate unit fails. I'm curious about the best approach to achieve this - would it require any additional hardware like switches?
I'd greatly appreciate any guidance on implementing this redundant setup.
You could create transit VLANs for the two ISPs on the switch you have in the second diagram, into which the ISP routers and the WAN ports on the 2 FortiGates will uplink. This is the easiest way to achieve this but you now have a single point of failure in the switch.
Hopefully this example illustrates this.
You could build on this by uplinking into multiple switches for additional resilience, but that all depends on your setup and budget.
I would add a direct cable between two 80Fs to @cjackson_ncl 's diagram for heartbeat connection without going through the switch, if they're close to each other.
Toahi
Yes, this also. Apologies, I had assumed this would be the case anyway.
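A sketch of the FortiOS HA settings for the layout discussed in this thread (both WAN ports uplinked into per-ISP transit VLANs, plus a direct heartbeat cable between the two 80Fs), added here as an example and not posted by any participant. Active-passive mode, the interface names (`a`, `wan1`, `wan2`), the group name, the priorities and the password placeholder are all assumptions; substitute the ports actually cabled.

```fortios
# Primary unit. Apply the same block on the second 80F with a lower priority.
config system ha
    # Group name and password must match on both units.
    set group-name "HA-80F-EXAMPLE"
    set password <HA_PASSWORD_PLACEHOLDER>
    # Active-passive is assumed here; the thread does not state a mode.
    set mode a-p
    # Heartbeat over the direct cable between the units, not through the switch.
    # "a" is an assumed port name; the number is the heartbeat priority.
    set hbdev "a" 50
    # Fail over if either WAN uplink into the transit VLANs loses link.
    set monitor "wan1" "wan2"
    # Sync sessions so established connections survive a failover.
    set session-pickup enable
    # Higher priority is preferred as primary; use e.g. 100 on the second unit.
    set priority 200
    set override disable
end
```

On the switch side, each ISP's transit VLAN needs three untagged access ports: one for the ISP router and one for the matching WAN port on each FortiGate.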