I have 2 physical sites that are connected by 2 layer 2 connections. One is ASE and the other is microwave. At each site I have 2 Cisco stacks and 2 HA Fortigates. The Fortigates are set up as internal segmentation firewalls and handle all the routing. They are connected using redundant interfaces (not ideal, but I am limited since they are 300Es). Spanning the VLAN across the 2 is not a problem. I have that now and it works fine since the connections are layer 2. Routing and spanning the connections across both sides is where I need some help.
My idea was to create the new VLAN on all 4 switches and trunk them (not sure if this will create a problem with STP, but I can deal with that). From there, create a set of redundant interfaces between each of the Fortigates and Ciscos. Create a VLAN on the redundant interface and set it up as VRRP with my HQ as the primary and my DR site as the secondary. Is this a workable setup, or is there something glaring I am missing? There is an example in the attached jpg.
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-high-availability-52/HA_VRRPEx1.htm
Did you ever find a solution to this? We are trying to implement this now across two datacenters and I'm just trying to gather as much info as I can before the cutover test. Thanks!
I am still working on implementation on this; however, I was able to confirm with my sales engineer that this would be a viable solution. I am working on implementation this week. I will try to remember to post back to this with an outcome. You can hit me up here in a week or so for a status update if you would like. I should have a better answer by then.
Hey there. Hope your configuration is going well... any luck getting this set up? I am making progress on my end, but would like to compare to something that is working for reference. Thanks for your time.