We currently have a facility with a single FortiGate 60D device and want to get the facility set up with HA. I've seen this post:
http://cookbook.fortinet.com/high-availability-two-fortigates/ and was wondering if I can get by without the two separate switches.
If so, would I just make sure the WAN ports on the switch & modem are on a specific VLAN? We use HP ProCurve switches or the new HP Aruba switches out there, and then put, say, port 5 on the FortiGate back to the switch (to connect to internal) on our regular VLAN that it is currently set up as.
Thanks, Jeremy
Dear friend,
yes you could surely do this.
Just 2 observations:
Thanks for the response. I'm well aware of the single point of failure and it's something the company is OK with having, so as a counter to that we've got a switch configured that is sitting in storage out there; if that switch were to go down we could swap it out, copy the latest config, and should be up and running shortly.
Yes you can use a single switch - partitioned by internal-only, untagged VLANs - to connect the cluster ports. For each port used on one FGT you need 3 switch ports. (I prefer to have 4 ports so that I could plug into that network for debugging.)
These partitioning VLANs must not be used anywhere else in the config - certainly not in your network. With IDs ranging up to 4095 it shouldn't be too hard to choose some trouble-free IDs.
No idea about the ProCurve switch, but I doubt it is suitable. There is one caveat with switch partitioning: each (internal) VLAN needs to maintain an FDB of its own. This is quite hard to verify in advance. I've heard that some DELL switches do not comply with this and just reboot on seeing the same MAC address on different physical ports. From experience, 'Enterprise grade' switches from 3Com/HP/H3C (series 58xx, 59xx) are fine to use.
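As an added illustration of the partitioning scheme above (not code from the thread or from Fortinet), the script below checks a planned single-switch layout for the rules the answer gives: one internal-only untagged VLAN per FGT port pair holding FGT1's port, FGT2's port and the network port (plus an optional debug port), VLAN IDs in range and unused elsewhere, and no switch port in two partitions. The emitted CLI stanzas use HP ProCurve-style syntax, which is an assumption; the port and VLAN numbers are constructed.

```python
"""Plan the single-switch VLAN partitioning for a FortiGate HA pair.

Added example, not from the thread. Each FGT port pair gets one internal-only,
untagged VLAN holding FGT1's port, FGT2's port and the 'network' port (modem for
WAN, uplink to the LAN for internal), plus an optional debug port. Partition VLAN
IDs must not be used anywhere else. Output uses HP ProCurve-style CLI syntax,
which is an assumption; adapt it to your switch.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

@dataclass
class Partition:
    name: str
    vlan_id: int
    fgt1_port: int
    fgt2_port: int
    network_port: int
    debug_port: Optional[int] = None

    def ports(self) -> List[int]:
        base = [self.fgt1_port, self.fgt2_port, self.network_port]
        return base + ([self.debug_port] if self.debug_port is not None else [])

def validate(partitions: List[Partition], production_vlans: Set[int]) -> List[str]:
    """Return the problems found; an empty list means the plan is consistent."""
    problems: List[str] = []
    seen_vlans: Set[int] = set()
    seen_ports: Dict[int, str] = {}
    for p in partitions:
        if not 1 <= p.vlan_id <= 4094:          # 0 and 4095 are reserved
            problems.append(f"{p.name}: VLAN {p.vlan_id} out of range")
        if p.vlan_id in production_vlans:        # must not be used anywhere else
            problems.append(f"{p.name}: VLAN {p.vlan_id} is a production VLAN")
        if p.vlan_id in seen_vlans:
            problems.append(f"{p.name}: VLAN {p.vlan_id} reused by another partition")
        seen_vlans.add(p.vlan_id)
        for port in p.ports():                   # a port belongs to one partition only
            if port in seen_ports:
                problems.append(f"{p.name}: port {port} already in {seen_ports[port]}")
            seen_ports[port] = p.name
    return problems

def procurve_config(partitions: List[Partition]) -> List[str]:
    """Emit one VLAN stanza per partition with all member ports untagged."""
    lines: List[str] = []
    for p in partitions:
        ports = ",".join(str(n) for n in sorted(p.ports()))
        lines += [f"vlan {p.vlan_id}", f'   name "HA-{p.name}"', f"   untagged {ports}", "   exit"]
    return lines

# Constructed plan: WAN partition on ports 1-3, internal on ports 5-8 (8 is the debug port).
PLAN = [Partition("wan", 3001, 1, 2, 3), Partition("internal", 3002, 5, 6, 7, 8)]
```

Run `validate(PLAN, {<your production VLAN IDs>})` before pasting the output of `procurve_config(PLAN)`; any non-empty result means the plan breaks one of the rules above.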
I may be missing something; can you explain the three switch ports for each port used on one FGT?
1 for FGT1, 1 for FGT2, 1 for the network, right?
Copyright 2024 Fortinet, Inc. All Rights Reserved.