dirkdigs
New Contributor

Dedicated HA port 200E

Pair of 200E

Looks to have a dedicated HA port.

What is this mainly used for? Is it used as an inside LAN port or heartbeat in an HA cluster?

Does it have any limitations?

I am thinking about using it as my inside LAN port with SVI etc.

Kenundrum
Contributor III

In general, the mgmt/ha ports are not attached to the hardware acceleration network processors. It's not recommended to use those for significant traffic.

It looks like the E series have relabeled the ports in weird ways. The ha port is what previously would have been mgmt2; most people use it for dedicated HA heartbeats or for redundant management. My 500Es have dedicated sniffer and virtual wire pair ports as well. The short answer is that you can use any of the ports on the devices for any purpose you want. A port labeled DMZ doesn't actually need to be used for DMZ functions. I suggest double checking the hardware acceleration guide https://docs.fortinet.com/d/fortigate-hardware-acceleration-56 to see how the ports on your devices are attached to processors, and it will give you guidance on what kinds of traffic flow between ports will allow for hardware offload and therefore better performance.

 

I would not use the HA port for an inside interface. The 200E appears to be split down the middle between its two NP processors. If you expect the majority of your traffic to be going between the "inside" interface and wan1 or wan2, it would make sense to use one of the ports 1-8 as an inside. That setup would allow traffic between those ports to be offloaded and give the CPU breathing room.

For what it's worth, the document appears to have a typo for the 200E; I would trust the diagram and not the text description above it.

CISSP, NSE4

 
