Sparh_Hsieh
New Contributor

Will this HA scenario work properly?

Hi Experts,

 

Our company is building a new environment for our customer, and we are using two FortiGate 100Ds for L3 High Availability and two L2 switches which are running an MLAG (Cisco concept = VPC) mechanism. Definitely, the server is connecting to those two switches using LACP mode. So, the topology will look like the following diagram:

 

Those two 100Ds are running in Active-Standby mode, and my question is: in case of an SW-A failure (shutdown, link down between SW-A & Active FortiGate 100D),

 

will the traffic path be like

Server --> SW-B --> Standby Fortigate 100D --HA link--> Active Fortigate 100D --> uplink network (Internet)?

 

Are there specific conditions I need to be careful about?

 

10 REPLIES
Sparh_Hsieh

Hi Toshi & Mike,

 

First of all, thank you for all your answers. Here is an update with the latest information on our implementation.

After discussing the MLAG mechanism with the switch's vendor, the data traffic can pass through this "MLAG peer-link".

Thus, we still use only 1 Ethernet cable between the switch and the FG; there is no LACP interface.

The topology is as follows:

 

We monitor the WAN1 interface & the port 13 interface. Once the Active FG fails and the Backup FG transitions to Active status, the data traffic still goes through switch (right side) --> Backup FG (Active status) --> Internet.

 

Here are my HA configuration settings from the Active FG (left side):

config system ha
    set group-name "****"
    set mode a-p
    set password ENC ****
    set session-pickup enable
    set session-pickup-connectionless enable
    set override enable
    set priority 200
    set monitor "port11" "port13" "wan1"
end

 

Just letting you know, and thank you for your help.
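
An added example, not part of the original post or Fortinet's code: a simplified Python model of FGCP primary election in active-passive mode, using the monitored interfaces and priority 200 from the configuration above, to show which unit ends up forwarding traffic in each failure case. The unit names FG-A and FG-B, the peer priority of 100, the uptimes and the serial strings are assumptions, and the model ignores the grace margin FortiOS applies when comparing HA uptime.

```python
from dataclasses import dataclass, field

# Monitored interfaces, taken from the posted "set monitor" line.
MONITORED = ("port11", "port13", "wan1")

@dataclass
class Unit:
    name: str                 # hypothetical label, not from the post
    priority: int
    uptime: int               # HA uptime in seconds (constructed)
    serial: str               # constructed placeholder
    alive: bool = True
    down: set = field(default_factory=set)   # interfaces with link down

    def failed_monitors(self) -> int:
        # Only interfaces listed under "set monitor" count toward failover.
        return len(self.down.intersection(MONITORED))

def elect_primary(units, override=True):
    """Return the name of the unit that wins the election (None if all are dead)."""
    def rank(u):
        # Fewest failed monitored interfaces always comes first.
        # "set override enable": priority is compared before uptime;
        # with override disabled, uptime is compared before priority.
        tail = (u.priority, u.uptime) if override else (u.uptime, u.priority)
        return (-u.failed_monitors(), *tail, u.serial)
    live = [u for u in units if u.alive]
    return max(live, key=rank).name if live else None

def scenario(a_down=(), a_alive=True, b_down=()):
    """Build the two-unit cluster with constructed values and run the election."""
    fg_a = Unit("FG-A", 200, 5000, "SERIAL-A", a_alive, set(a_down))  # priority 200 from the post
    fg_b = Unit("FG-B", 100, 9000, "SERIAL-B", True, set(b_down))     # priority 100 is assumed
    return elect_primary([fg_a, fg_b], override=True)

if __name__ == "__main__":
    print("healthy:             ", scenario())
    print("port13 down on FG-A: ", scenario(a_down={"port13"}))
    print("FG-A powered off:    ", scenario(a_alive=False))
    print("unmonitored port5:   ", scenario(a_down={"port5"}))
    print("port13 down on both: ", scenario(a_down={"port13"}, b_down={"port13"}))
```

In this model a link loss on an interface that is not in the monitor list (port5 here, a constructed name) leaves the primary unchanged, so every interface whose loss should move traffic to the other unit has to appear under "set monitor".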

 
