Gents, I am preparing a multihome setup for my customer, assuming BGP run between the customer and two ISPs. My dilemma is based on the fact that I have more than one FGT unit hence more than one scenario possible. I have drafted two main scenarios for easy reference. FG301 and FG302 shown are FG621B' s currently clustered and interconnecting company' s LAN, DMZ and internet. Apart from these, there are two older and out-of-service FGT units (FG400A' s with Fortiguard subscriptions expired), let' s call them FG303 and FG304 (not included in my diagrams). The AS300 stands for the company' s DMZ (with services available publicly). The MLS is a LAN core switch doing both switching and routing (collapsed two-tier LAN topology). This MLS is both IGPs- and BGP-capable. In scenario 1, FG301 and FG302 form a cluster being an eBGP peer for both ISP1 and ISP2. The cluster apart, scenario 1 is default and widely discussed in both KB and docs (unlike scenario 2). In scenario 2, FG301 and FG302 have eBGP sessions with R101 and R201 respectively. They are also running iBGP between themselves. I have considered three wariants to that scenario: 2a. FG301 and FG302 run VRRP between them for both intranet (MLS) and DMZ. 2b. FG301 and FG302 run iBGP with MLS. 2c. FG301 and FG302 are clustered, FG303 and FG304 are clustered likewise. The two clusters may replace FG301 and FG302 in both 2a. and 2b to create further sub-variants. Preferences: a) to be able to load-balance both outbound and inbound internet traffic on both links shared with ISPs. b) to keep MLS within " campus block" (out of company' s edge block following Cisco' s ECNM), hence and to my understanding - avoid iBGP on it. c) to keep the setup preferably simple. Following these preferences, I believe that scenario 1 is best suited. Although visually simpler than no. 2, I see no redundancy drawback here. My questions are: - am I missing any other attractive option? - am I missing any pros and cons of the options mentioned? Will appreciate your opinions. Cheers, Rafal