Hi Experts,
Our company is building a new environment for our customer, and we are using two Fortigate 100D(s) for L3 High Availability and two L2 switches which are running the MLAG (Cisco concept = VPC) mechanism. Definitely, the server is connecting to those two switches by using LACP mode. So, the topology will be like the following diagram:
Those two 100Ds are running in Active-Standby mode, and my question is: in case of SW-A failure (shutdown, link down between SW-A & Active Fortigate 100D),
will the traffic path be like
Server --> SW-B --> Standby Fortigate 100D --HA link--> Active Fortigate 100D --> uplink network (Internet)?
Are there specific conditions I need to be careful about?
Hi Toshi & Mike,
First of all, thank you for your answers overall. Just an update with the latest information on our implementation.
After discussing the MLAG mechanism with the switch's vendor, the data traffic can pass through this "MLAG peer-link".
Thus, we still use only 1 Ethernet cable between the switch and the FG; there is no LACP interface.
The topology is as follows:
We monitor the WAN1 interface & port 13 interface. Once the Active FG fails and the Backup FG transforms to Active status, the data traffic still goes through switch (right side) --> Backup FG (Active status) --> Internet.
Here are my HA configuration settings from the Active FG (left side):
config system ha
    set group-name "****"
    set mode a-p
    set password ENC ****
    set session-pickup enable
    set session-pickup-connectionless enable
    set override enable
    set priority 200
    set monitor "port11" "port13" "wan1"
end
Just letting you know, and thank you for your help.