Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ronio
New Contributor

Created on ‎12-12-2023 01:25 AM

geo cluster

Hi everyone,

I want to create a geo-cluster.

two of the FortiGate are in one location and another FortiGate is in a different location.

do I need to create a specific VLAN for the ha traffic? and if I do need it, which subnet should I choose for this vlan?

Thank you

Labels:
774
0 Kudos
1 Solution
srajeswaran
Staff
Staff
In response to ronio

Created on ‎12-12-2023 11:29 PM

I am not sure what you mean by simple cluster. You need to configure the cluster as a normal HA setup .

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

704
9 REPLIES 9
srajeswaran
Staff
Staff

Created on ‎12-12-2023 01:39 AM

Hello @ronio , you only need an L2 VLAN for the communication between the fortigates via Hearbeat links. The VLAN ID can be anything, but make sure this ID is not used by any other devices to isolate the HB packets from other network traffic.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

767
ronio
New Contributor
In response to srajeswaran

Created on ‎12-12-2023 01:52 AM

Thank you!

so just for the explanation vlan id 40 and subnet 40.40.40.1/29 it's ok right?

764
0 Kudos
srajeswaran
Staff
Staff
In response to ronio

Created on ‎12-12-2023 01:58 AM

Just vlan ID 40, no need to assign subnet IP.

HB link gets IP address from 169.254.0.0/24 subnet.


below articles will be handy with these kind of deployments.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Best-practices-for-Heartbeat-interfaces-in...

https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/849059/ha-heartbeat-interfac...

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

760
ronio
New Contributor
In response to srajeswaran

Created on ‎12-12-2023 02:05 AM

Thanks again!

just a little question, now the two firewalls are connected directly with the physical port (HA), how do we create this dedicated vlan? To set the VLAN to be under the "Interface" ha? and to set it to 169.254.0.0/24? and does this operation cause a downtime?

753
0 Kudos
srajeswaran
Staff
Staff
In response to ronio

Created on ‎12-12-2023 02:19 AM

The VLANs need to be configured on the connected switches. You don't need to configure anything on FGT HB interfaces.

Something like below.

FGT1(HB Port)---------(VLAN40)Switch-Location1(VLAN40)----INTERNET----(VLAN40)Location2-Switch(VLAN40)-----------(HB Port)FGT2

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

748
ronio
New Contributor
In response to srajeswaran

Created on ‎12-12-2023 10:43 PM

so on the firewall side, it will be "clear" Do I need to set up the ha like a "simple" cluster? 

708
0 Kudos
srajeswaran
Staff
Staff
In response to ronio

Created on ‎12-12-2023 11:29 PM

I am not sure what you mean by simple cluster. You need to configure the cluster as a normal HA setup .

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

705
ronio
New Contributor
In response to srajeswaran

Created on ‎12-12-2023 11:40 PM

Thank you very much!

it is possible that the two firewalls that are in the same location, the ha will be directly connected, and only the 3rd firewall will be connected to a switch?

or the 3 ha of the firewall should be connected to a switch?

700
0 Kudos
srajeswaran
Staff
Staff
In response to ronio

Created on ‎12-12-2023 11:42 PM

If you have 3 firewalls, and if you connect 2 firewalls back to back, the third one cannot be connected to these 2. You will have to use a switch and connect all 3 using switch.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

698
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.