Firewall HA with two ISP

baris · ‎06-05-2018

Hi guys,

How can I apply this HA mode on for this topology ?

I have two isp and two different wan ip network. How can I archive this ?

I tried active-passive ha but due to nat interface rule it didn't work.

Regards,

Baris.

ahmedsf · ‎06-05-2018

Hi,

Do you have the router before FW or ISP link is directly connecting into WAN ports?

In any case, suggestion is to keep the device priority 200 and heartbeat interface priority 50, 50 on both ports

ahmedsf · ‎06-05-2018

on which ports you have connected both FW's to each other to create HA? Let me know.

ericli_FTNT · ‎06-05-2018

In an HA cluster, all members share the same configuration for fail-over purpose. For your requirements, I would suggest you take a look at SD-WAN.

dotco · ‎10-04-2019

Hi Boris,

I have same topology with you, i use SD wan for ISP fail over.

and cisco swtich above the Fortigate,

can you help me with the cisco switch configuration for isp link and interface to the Fortigate Wan port ?

it will very helpful for me.

many thanks,

.co

baris · ‎06-05-2018

Hi Ahmed,

I think I solve the topology in right manner.

Since the buildings are seperated for each fw my topology going to like that.

Although I didn't apply for today. At the moment Side A fw connected Wan interface is WAN1

Side B Wan interface WAN2 port connected to the ISP.

Monitor interface both Wan1 and Wan2 selected.

If ports down switching is so slow. Takes serious time. 5-6 min sometimes.

I think it will be corrected after fixing the topology like above.

What do you think ?

Regards,

Baris.