Hot!HA Fortigate with HA Fortiswitch - is that working?

Author
mikt
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/08/16 06:16:22
  • Status: offline
2017/09/13 06:23:20 (permalink)
0

HA Fortigate with HA Fortiswitch - is that working?

Hello
 
has anyone setup a HA FGT (300D in my case) connected to 2 FSW while using Aggregated ports as Fortilink ports?
 
Whenever i use the interconnect between the Fortiswitches i create a loop - if i not use that ISL - i only see that one switch connected to the active firewall. 
I may miss a point :)
 
I would appreciate any help as the manual is not very helpfull.
 
I am running 5.6 and 3.6.2 Firmware 
 
Thanks!
#1

2 Replies Related Threads

    sam.hammoud
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/12/18 08:51:27
    • Status: offline
    Re: HA Fortigate with HA Fortiswitch - is that working? 2017/12/18 09:00:26 (permalink)
    0
    Have you set the aggregate ports on the Fortigate you are using to split interface mode?
     
    Commands as follows:
     
    config system interface
    edit "Whatever your interface aggregate is"
    set fortilink-split-interface enable
    #2
    Prab
    New Member
    • Total Posts : 14
    • Scores: 0
    • Reward points: 0
    • Joined: 2017/12/04 01:30:25
    • Status: offline
    Re: HA Fortigate with HA Fortiswitch - is that working? 2017/12/19 07:22:48 (permalink)
    0
    mikt
    Hello
     
    has anyone setup a HA FGT (300D in my case) connected to 2 FSW while using Aggregated ports as Fortilink ports?
     
    Whenever i use the interconnect between the Fortiswitches i create a loop - if i not use that ISL - i only see that one switch connected to the active firewall. 
    I may miss a point :)
     
    I would appreciate any help as the manual is not very helpfull.
     
    I am running 5.6 and 3.6.2 Firmware 
     
    Thanks!




    Hi Mikt,
     
    Yes, I did test the setup of a FG Cluster (active-Passive) connecting to 2 different fortiSwitches.
    I did use an aggregate interface as a fortiLink & it worked fine.
     
    Solution:
    If a fortiGate/Cluster is connected to two different fortiSwitches via fortiLink, then your MUST use fortiLink-split-interface enabled command. The only exception is to use MCLAG and create an ICL between these fortiSwitches instead of using normal ISL. After that you can disable the fortiLink-split-interface command. ;)
    Ref: Page 2142 of the FortiOS Handbook for FortiOS 5.6.2
     
    The following topology was tested in my lab and it worked fine:

     
    I hope it was helpful.
    Thanks & regards,
    Prab :)

    Attached Image(s)

    #3
    Jump to:
    © 2018 APG vNext Commercial Version 5.5