VDOM HA FGSP with config synchronization between CPDs (I need an L2 interface for HA)

Author
i.urrutxi
2020/06/13 04:23:19 6.2


Hello,
 
Has anyone got HA between two FortiGates with FGSP syncing the settings? The FGs are in different CPDs. I know that it takes a level 2 to do the synchronization.
It seems that Fortinet does not recommend doing that configuration sync.

set standalone-config-sync enable


I want to know if someone has it mounted and working, of course, with synchronization of the configuration.


I would appreciate your comments on it.

Thanks in advance.
#1


    ede_pfau
    2020/06/13 07:57:17
    Why don't you connect both FGTs via a Layer2 link and configure plain HA clustering instead? Done this across 2 datacenters in different corners of a big city.
    Might be that the passive cluster member cannot fully take over in case the primary fails (due to connections not available) but at least the configs are 100% identical.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #2
    i.urrutxi
    2020/06/14 09:53:35
    Hello,
     
    I don't want to have the two CPDs joined at L2. I have another HA solution with FGCP with VDOMs and two clusters. That works fine. I'm thinking of having the same solution with FGSP and VDOMs but without L2. The main problem is config synchronization. I have 3 solutions:
     
    1- HA with L2 only for HA; I don't want to have L2 with traffic interfaces. I'm not sure that this works fine. Has anyone got HA between two FortiGates with FGSP syncing the settings? This is the question.
    2- To use a FortiManager to synchronize the conf between the FWs. To have one ADOM for VDOMs in the two FWs for the same customer.
    3- To develop my own solution with Terraform or agile to configure and synchronize the conf.
     
    I prefer the first one but I want to know that it works fine. If someone has this working I would appreciate any information.
     
    Thanks in advance.
    #3