Support Forum
skell_sumner

Physical wiring MCLAG, Fortigate HA and IDF Stack(s)

OK. I am struggling with the proper physical cabling for a highly redundant network with the following attributes:

  1. Dual ISP
  2. HA Failover firewall cluster
  3. MCLAG Core (Two 10G 24 Port switches also used for 10G connectivity to HA VM Clusters)
  4. A four switch access layer stack in the data center
  5. A 2 switch Stack IDF
  6. A 2nd IDF with a single switch.

Here is the diagram I have come up with so far wading through the vague Fortinet documentation on the subject:

[Image: 2022-09-04_22-10-24.png]

 

I'm not sure if this is overly complicated or correct. Any help is appreciated.

Anonymous

Hello @skell_sumner,

Thanks for your post on the Fortinet Community forum. We hope that fellow Fortinet Community members share their insights on your query, which will be of help to you. Meanwhile, if you have a Fortinet account manager, we recommend you reach out to them, as this seems to be more of a design-related question.
 
Thanks and regards
 
sidewaysguy14

Hey there,

Overall, the only thing that you may want to change is the IDF loop connectivity back to the distribution switches. For the loop, connect redundantly from the top to the first distribution switch and the bottom to the second distribution switch. STP will be used and traffic flow will be distributed through either side. Using more than one link back to the distribution switch will create a LAG which in this case would expand the capacity and provide cable redundancy from the top and bottom of the stack. I'm going to guess you have been using this for guidance in your design: https://docs.fortinet.com/document/fortiswitch/7.2.1/fortilink-guide/780635/switch-redundancy-with-m...

Secure all the things!