Redundant interfaces

On some models you can combine two or more physical interfaces to provide link redundancy. This feature enables you to connect to two or more switches to ensure connectivity in the event one physical interface or the equipment on that interface fails.

In a redundant interface, traffic goes over only one interface at any time. This differs from an aggregated interface, where traffic goes over all interfaces to distribute it and increase bandwidth. This difference means redundant interfaces can have more robust configurations with fewer possible points of failure, which is important in a fully-meshed HA configuration.

An interface is available to be in a redundant interface if:

  • it is a physical interface, not a VLAN interface
  • it is not already part of an aggregated or redundant interface
  • it is in the same VDOM as the redundant interface
  • it has no defined IP address
  • it is not configured for DHCP or PPPoE
  • it has no DHCP server or relay configured on it
  • it does not have any VLAN subinterfaces
  • it is not referenced in any security policy, VIP, or multicast policy
  • it is not monitored by HA
  • it is not one of the FortiGate-5000 series backplane interfaces

When an interface is included in a redundant interface, it is not listed on the System > Network > Interface page. You cannot configure the interface individually and it is not available for inclusion in security policies, VIPs, or routing.
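A pre-check for the membership conditions listed above, as an added example that is not part of the original handbook text or any Fortinet tool. It reads `config system interface` output and reports why a candidate port cannot join a redundant interface. It covers only the conditions visible in that one section (type, existing membership, VDOM, IP address, DHCP/PPPoE mode, VLAN subinterfaces). The function names and sample configuration are constructed for illustration, and the parser assumes no nested sub-blocks inside an interface entry.

```python
import re
# Constructed sample in `show system interface` style; not from a real device.
SAMPLE = """config system interface
    edit "port1"
        set vdom "root"
        set type physical
    next
    edit "port2"
        set vdom "root"
        set ip 192.0.2.1 255.255.255.0
        set type physical
    next
    edit "port3"
        set vdom "dmz"
        set mode dhcp
        set type physical
    next
    edit "vlan10"
        set vdom "root"
        set type vlan
        set interface "port2"
    next
    edit "agg1"
        set vdom "root"
        set type aggregate
        set member "port3" "port4"
    next
end"""

def parse(text):  # -> {interface name: {setting: [values]}}
    ifaces, cur = {}, None
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if tok[:1] == ["edit"]:
            cur = ifaces.setdefault(tok[1], {})
        elif tok[:1] == ["set"] and cur is not None:
            cur[tok[1]] = tok[2:]
    return ifaces

def ineligible_reasons(ifaces, name, vdom):  # [] = passes every check below
    me, others = ifaces[name], [c for n, c in ifaces.items() if n != name]
    checks = [
        (me.get("type") != ["physical"], "not a physical interface"),
        (any(name in c.get("member", []) for c in others), "already a member"),
        (me.get("vdom") != [vdom], "different VDOM"),
        ("ip" in me, "has an IP address"),
        (set(me.get("mode", [])) & {"dhcp", "pppoe"}, "uses DHCP or PPPoE"),
        (any(c.get("interface") == [name] for c in others), "has VLAN subinterfaces"),
    ]
    return [why for failed, why in checks if failed]
```

An empty result still leaves the remaining conditions (DHCP server or relay, policy and VIP references, HA monitoring, backplane interfaces) to be checked in their own configuration sections.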


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

One thought on “Redundant interfaces”

  1. James

    Hi Mike … We configured hardware switch mode in the FGT 200F firewall and added X3 & X4 interfaces as members. STP is working perfectly between Cisco switches (STP Forwarding enabled), but we are not able to do a failover test since under monitoring interfaces both are not visible. Checked with TAC and they said it's a feature limitation. What is the other option you suggest to allow STP BPDU forwarding?

