VDOM HA FGSP with config synchronization between CPD( I need a L2 interface for HA)

i_urrutxi · ‎06-13-2020

Hello,

Has anyone got HA between two fortigates with FGSP syncing the settings ?. The FG are in diferent CPDs I know that it takes a level 2 to do the synchronization. 
It seems that Fortinet does not recommend doing that configuration sync. 

set standalone-config-sync enable


I want to know if someone has it mounted and working, of course, with synchronization of the configuration.


I would appreciate your comments on it.

Thanks in advance.

ede_pfau · ‎06-13-2020

Why don't you connect both FGTs via a Layer2 link and configure plain HA clustering instead? Done this across 2 datacenters in different corners of a big city.

Might be that the passive cluster member cannot fully take over in case the primary fails (due to connections not available) but at least the configs are 100% identical.

Ede Kernel panic: Aiee, killing interrupt handler!

i_urrutxi · ‎06-14-2020

Hello,

I don't want to have the two CPDs join between L2. I have another HA solution with FGCP with Vdoms and 2 two cluster. That works fine. I'm thinking to have the same solution with FGSP and vdoms but without L2. The main problem is to config synchronization. I have 3 solution:

1- HA with L2 only for HA, I don't wanth to have L2 with traffic interfaces. I'm not sure that this works fine. Has anyone got HA between two fortigates with FGSP syncing the settings?. This is the question.

2- To use a Fortimanager to synchronize the conf between the FWs. To have one Adom for vdoms in the two FWs for the same customer.

3- To develop with terraform or agile a own solution to conf and synchronize the conf.

I prefer the first one but I want to khown that works fine. If someone have this working I would appreciate any information.

Thanks in advance.

VDOM HA FGSP with config synchronization between CPD( I need a L2 interface for HA)

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website