I have a question regarding the use of redundant interfaces. I am using a single FortiGate 200B (standalone mode, no HA). I would like to connect two different switches to the same interface on the FortiGate in order to provide network redundancy in the event one of the switches fails. Looks like a redundant interface could be used to facilitate this however, the redundant interface would also have at least one VLAN subinterface associated with it (they would be trunk links from the switches to FortiGate interface).
The FortiOS Handbook states the following on p. 354:
An interface is available to be in a redundant interface if:
• it is a physical interface, not a VLAN interface
• it is not already part of an aggregated or redundant interface
• it is in the same VDOM as the redundant interface
• it has no defined IP address
• is not configured for DHCP or PPPoE
• it has no DHCP server or relay configured on it
• it does not have any VLAN subinterfaces
• it is not referenced in any security policy, VIP, or multicast policy
• it is not monitored by HA
• it is not one of the FortiGate-5000 series backplane interfaces
I have enabled spanning tree (STP) on all of the switches to prevent network loops.
Even though the handbook indicates that it can't be a redundant interface, the web-based GUI lets me configure a redundant interface with VLAN subinterfaces, and it seems to work as it should. Is there something I should be concerned about, or is this an acceptable use of the redundant interface?
I can always untag the ports on the switches and connect them to different interfaces on the FortiGate to get around the VLAN issue, but it seems to work fine without doing so.
Any thoughts?
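As an added illustration (not part of the original post and not taken from Fortinet's documentation), here is the FortiOS CLI shape of the setup described above: two physical ports bundled into one redundant interface, with a tagged VLAN subinterface riding on the redundant interface rather than on either port. Interface names, the VDOM, the VLAN ID, the IP address and the admin-access list are assumptions chosen for the example.

```text
# Constructed example (not from the original post); port names, VLAN ID,
# addresses and VDOM are assumed.
config system interface
    edit "red1"
        set vdom "root"
        set type redundant
        # Member order matters: the first member with link is the active
        # one; port2 carries traffic only after port1 loses link.
        set member "port1" "port2"
    next
    edit "vlan10"
        set vdom "root"
        # The VLAN hangs off the redundant interface, not off port1/port2,
        # so both member ports stay "plain" physical ports.
        set interface "red1"
        set vlanid 10
        set ip 10.0.10.1 255.255.255.0
        set allowaccess ping https ssh
    next
end
```

Two points worth checking against this. First, the handbook list quoted above is the eligibility list for a port to become a member of a redundant interface ("available to be in a redundant interface"), so the "no VLAN subinterfaces" and "no IP address" conditions apply to port1 and port2, not to red1 itself; in the layout above neither member port carries a VLAN or an address. Second, a redundant interface uses only one member at a time and fails over to the next member when the active one loses link, so the FortiGate never forwards frames between the two switches; the loop that spanning tree has to break is the one between the switches themselves. To confirm which member is active after pulling a cable, `diagnose netlink redundant name red1` (exact output format not verified here) and `get system interface physical` are the commands to look at.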