Fortinet Community

j_a_m_e_s · 07-08-2021

Dear All, I'll try to keep this as short as possible, my hardware is 1500D running 6.0. With this design I'm trying to: * Share two ISP connections across multiple VDOMs (named VD_APPA, VD_APPB, VD_APPY, VD_APPZ) * All VDOMs are layer 3 (NAT mode)* N...

j_a_m_e_s · 02-07-2021

Dear All, I would like to enable BGP graceful restart on my FGCP cluster like this: neighbor x.x.x.x set capability-graceful-restart enable [...]next What needs to be configured on the Cisco peer? As far as I can tell, the upstream peers need to be "...

j_a_m_e_s · 01-30-2021

Dear All I would like to run eBGP across an FGCP pair (A-P mode) with a transparent vdom. Could you take a look at my diagram and let me if this looks feasible please? My questions are: 1. Is my addressing with a /29 subnet ok and a single manage-ip ...

j_a_m_e_s · 01-30-2021

Dear All, When running FGCP is there any way to maintain a separate MGT IP on the active and passive FGTs? I can see that the data-plane interfaces on the units need layer two reachability because in the event of a failover the IP and MAC will float ...

j_a_m_e_s · 11-18-2019

Dear All,I would like to migrate to a stacked vdom with the root learning a BGP default and relaying this to around 10 sub-vdoms via an inter-vdom link with an iBGP peering across the inter-link. I need to get around 10-15 Gbits though the platform a...

j_a_m_e_s · 07-08-2021

Also to mention that if you do FGCP HA, the MGT IP will also be shared between the two units. To manage the slave, you need to go to the master and do "exec ha manage X". There are some workarounds for this, but they didn't work well for me.

j_a_m_e_s · 07-08-2021

It's difficult for us to answer without knowing whether the server and client are separated via the internet or an internal LAN. I'm no expert in Hikvision, but you may not need to open the full table, depending on which products/features your enviro...

j_a_m_e_s · 04-12-2021

I'm just updating this thread with some closing remarks in case it helps others.Basically there are two features which would be interesting to allow independent management of the units when running FGCP a-p mode. #1: ha-reserved-management/ha-direct/...

j_a_m_e_s · 02-12-2021

Another important discovery is that FMG doesn't work with the ha-reserved-management IP. It will add the device correctly, but once you install a policy the installation gets stuck at 35% and the FGFM connection will drop. There is a KB mentioning th...

j_a_m_e_s · 02-08-2021

Hi Ken, Incidentally, if I enable it globally on the switch will there be any adverse impact for peers where Graceful Restart doesn't apply? What I mean is that the switch has lots of upstream peers which are single sup routers/switches and not clust...

Fortinet Community

User Statistics

User Activity

EMAC VLANs to share ISP connection over VDOMs - Confusion after handbook and KB

BGP Graceful Restart

Multihop eBGP across Transparent Firewall

FGCP Management IP

Stacked VDOM and Hardware Acceleration

Re: HA - active-passive with VDOM

Re: is it secure to open this ports

Re: FGCP Management IP

Re: FGCP Management IP

Re: BGP Graceful Restart

Re: is it secure to open this ports

News & Articles

Security Research

Company

Contact Us