- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- fortigate 200D aggregate interfaces?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
fortigate 200D aggregate interfaces?
Just got an old fortigate 200D firewall but not familiar with it.
I wanna aggregate two ports together and link them to downlink 2 switch ports.
would like to know:
is it doable to aggregate 2 ports together and link to switch ports (to increase bandwidth)?
if so, then will the port speed be limited to the lowest automatically?(the switch port speed is 10Gb using CAT6 cable)
thanks in advance
Solved! Go to Solution.
3 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, Link aggregation is supported on 200D, which we use. But I don't understand your second question while all ports on 200Ds are GE including the SFP ports. No 10Gig ports on this model as you must have seen on the datasheet.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To add to Toshi's answer, I can show you an example config (it's really simple):
config system interface
edit "if_lag_internal" set vdom "root" set type aggregate set member "port1" "port2" set lacp-speed fast next end
Here I've created an aggregated interface out of ports 1 and 2, called "if_lag_internal". You can go on and treat this like a normal physical interface in subsequent config, add it to a zone, add VLANs to it, etc.
The config on the peer, in my case a Dell switch, is similarly simple. On each interface it's:
interface Gi1/0/15
channel-group 2 mode active description "Uplink LAG to primary firewall unit"
I'll try to answer the second part of your question too: as previously stated, the 200D has no 10Gb interfaces. However, even if it did, it would be unwise to mix interface types and speeds. I don't know if it would work but even if it did you might get unreliability or weird results. And sorry if I'm telling you something you already know, but by aggregating 2 ports you don't actually get a true 2Gb link, you get load balancing across the them. So an individual IP connection will still only get the throughput of a 1Gb link. In an environment with lots of connections, the aggregated bandwidth will of course utilise the capacity of both links.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, you can do this and it will only use the lowest speed interface. That FGT is only 1Gb interfaces so I wouldn't connect it to a 10gb interface if you can help it. But yes, you would go into the gate, create an interface and choose type 802.3ad. It will give you the option to select which interfaces you want to use. On your switch you will have to create a matching aggregate.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, Link aggregation is supported on 200D, which we use. But I don't understand your second question while all ports on 200Ds are GE including the SFP ports. No 10Gig ports on this model as you must have seen on the datasheet.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To add to Toshi's answer, I can show you an example config (it's really simple):
config system interface
edit "if_lag_internal" set vdom "root" set type aggregate set member "port1" "port2" set lacp-speed fast next end
Here I've created an aggregated interface out of ports 1 and 2, called "if_lag_internal". You can go on and treat this like a normal physical interface in subsequent config, add it to a zone, add VLANs to it, etc.
The config on the peer, in my case a Dell switch, is similarly simple. On each interface it's:
interface Gi1/0/15
channel-group 2 mode active description "Uplink LAG to primary firewall unit"
I'll try to answer the second part of your question too: as previously stated, the 200D has no 10Gb interfaces. However, even if it did, it would be unwise to mix interface types and speeds. I don't know if it would work but even if it did you might get unreliability or weird results. And sorry if I'm telling you something you already know, but by aggregating 2 ports you don't actually get a true 2Gb link, you get load balancing across the them. So an individual IP connection will still only get the throughput of a 1Gb link. In an environment with lots of connections, the aggregated bandwidth will of course utilise the capacity of both links.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, you can do this and it will only use the lowest speed interface. That FGT is only 1Gb interfaces so I wouldn't connect it to a 10gb interface if you can help it. But yes, you would go into the gate, create an interface and choose type 802.3ad. It will give you the option to select which interfaces you want to use. On your switch you will have to create a matching aggregate.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi guys,
really appreciate your answers!!
my apologies to the bad statement on question 2.
here's the thing, I'm planning to use CAT6a cable to link a 10Gb switch and this fortigate 200D.
two 10Gb ports on switch will be aggregated and connect to 200D's two 1Gb aggregated interfaces.
so the second question was trying to clarify whether these two devices can handle the inconsistent speed between their ports(10Gb and 1Gb) or not. I was wondering about how a 10G switch's aggregated ports and fortigate 200D's 1Gb aggregated ports will determine the speed on cable eventually.
Related Posts
- FortiGate GRE Tunnel with Dynamically obtain... 68 Views
- Routing Issue on FortiGate 7.2.8 191 Views
- Moving away from Software Switches -... 154 Views
- Dial-up IPsec tunnels with same source... 519 Views
- Connecting Two SIP Trunks with Different... 239 Views
Labels
-
FortiGate
6,459 -
FortiClient
1,290 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
68 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
High Availability
21 -
FortiConverter
21 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
DNS
11 -
Interface
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.