geo cluster

ronio · ‎12-12-2023

Hi everyone,

I want to create a geo-cluster.

two of the FortiGate are in one location and another FortiGate is in a different location.

do I need to create a specific VLAN for the ha traffic? and if I do need it, which subnet should I choose for this vlan?

Thank you

srajeswaran · ‎12-12-2023

I am not sure what you mean by simple cluster. You need to configure the cluster as a normal HA setup .

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

srajeswaran · ‎12-12-2023

Hello @ronio , you only need an L2 VLAN for the communication between the fortigates via Hearbeat links. The VLAN ID can be anything, but make sure this ID is not used by any other devices to isolate the HB packets from other network traffic.

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

ronio · ‎12-12-2023

Thank you!

so just for the explanation vlan id 40 and subnet 40.40.40.1/29 it's ok right?

srajeswaran · ‎12-12-2023

Just vlan ID 40, no need to assign subnet IP.

HB link gets IP address from 169.254.0.0/24 subnet.

below articles will be handy with these kind of deployments.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Best-practices-for-Heartbeat-interfaces-in...

https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/849059/ha-heartbeat-interfac...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

ronio · ‎12-12-2023

Thanks again!

just a little question, now the two firewalls are connected directly with the physical port (HA), how do we create this dedicated vlan? To set the VLAN to be under the "Interface" ha? and to set it to 169.254.0.0/24? and does this operation cause a downtime?

srajeswaran · ‎12-12-2023

The VLANs need to be configured on the connected switches. You don't need to configure anything on FGT HB interfaces.

Something like below.

FGT1(HB Port)---------(VLAN40)Switch-Location1(VLAN40)----INTERNET----(VLAN40)Location2-Switch(VLAN40)-----------(HB Port)FGT2

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

ronio · ‎12-12-2023

so on the firewall side, it will be "clear" Do I need to set up the ha like a "simple" cluster?

srajeswaran · ‎12-12-2023

I am not sure what you mean by simple cluster. You need to configure the cluster as a normal HA setup .

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

ronio · ‎12-12-2023

Thank you very much!

it is possible that the two firewalls that are in the same location, the ha will be directly connected, and only the 3rd firewall will be connected to a switch?

or the 3 ha of the firewall should be connected to a switch?

srajeswaran · ‎12-12-2023

If you have 3 firewalls, and if you connect 2 firewalls back to back, the third one cannot be connected to these 2. You will have to use a switch and connect all 3 using switch.

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

geo cluster

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website