Hi everyone,
I want to create a geo-cluster.
Two of the FortiGates are in one location and another FortiGate is in a different location.
Do I need to create a specific VLAN for the HA traffic? And if I do need it, which subnet should I choose for this VLAN?
Thank you
Hello @ronio, you only need an L2 VLAN for the communication between the FortiGates via heartbeat links. The VLAN ID can be anything, but make sure this ID is not used by any other devices to isolate the HB packets from other network traffic.
Thank you!
So just for the explanation, VLAN ID 40 and subnet 40.40.40.1/29, it's OK, right?
Just VLAN ID 40, no need to assign subnet IP.
HB link gets IP address from 169.254.0.0/24 subnet.
The articles below will be handy with these kinds of deployments.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Best-practices-for-Heartbeat-interfaces-in...
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/849059/ha-heartbeat-interfac...
Thanks again!
Just a little question: now that the two firewalls are connected directly with the physical port (HA), how do we create this dedicated VLAN? Do we set the VLAN under the "Interface" HA, and set it to 169.254.0.0/24? And does this operation cause downtime?
The VLANs need to be configured on the connected switches. You don't need to configure anything on FGT HB interfaces.
Something like below.
FGT1(HB Port)---------(VLAN40)Switch-Location1(VLAN40)----INTERNET----(VLAN40)Location2-Switch(VLAN40)-----------(HB Port)FGT2
So on the firewall side, it will be "clear". Do I need to set up the HA like a "simple" cluster?
I am not sure what you mean by simple cluster. You need to configure the cluster as a normal HA setup.
Thank you very much!
Is it possible that, for the two firewalls that are in the same location, the HA will be directly connected, and only the 3rd firewall will be connected to a switch?
Or should the HA of all 3 firewalls be connected to a switch?
If you have 3 firewalls, and if you connect 2 firewalls back to back, the third one cannot be connected to these 2. You will have to use a switch and connect all 3 using the switch.
Copyright 2024 Fortinet, Inc. All Rights Reserved.