Managing FortiSwitch Stack with HA FortiGate Cluster PART2
Part 2 of the whiteboard session, showing some diagrams via computer (may be clearer than my whiteboard with glare) as well as a look from inside the FortiGate.
Thanks for the awesome videos. I have a couple of questions.
1) You say redundant interface in the first video, but then you use redundant interface and aggregate interface interchangeably, but they are different interface types. Which should you be using?
2) If the FortiGate is appropriately sized, is there any negative to setting fortiswitch-splitlink to disabled? I’d like to use an active LACP aggregate to a stack of 4 switches, but everything references only an active link/standby link.
3) Since you can’t do redundant or aggregate with anything under a FG-100, what's the recommended method for managing a stack of switches with the smaller units?
1. I use it interchangeably by mistake in the video. I intend for it to be redundant in this video.
2. I like to use split link because in all honesty, it just works better. Without it, I notice switches dropping off a good deal.
3. You can run them through the FortiGate directly via Hardswitch if it is lower traffic. Interconnect the switches and have top and bottom go to the FortiGate.
After watching this and a few other videos, I might have my configuration incorrect for an HA FortiGate pair with redundant 1048E and 424E switches. I have a pair of 600E units in HA with software switch FortiLink with X1, X2, and ports 11 and 12 in the switch. The port X1 on Primary 600E connects LC to port 47 on 1048E_SW01 and port X1 on Secondary 600E to port 47 on 1048E_SW02. The X2 is connected to the corresponding switches on port 48 via LC fiber.
The Ethernet ports 11 and 12 on 600E feed the Ports 28 on the 424E switches. There is currently no ISL between the 1048E or the 424E switches.
I need to connect Nutanix / Xen hosts (in a cluster) via 10GB fiber to the switch ports on each of the 1048E.
The iLO/IPMI from each Nutanix cluster and Xen farm will connect to the 424E 1 GB Ethernet for management only.
Should this have been built using the hardware (Redundant or Aggregate) from the FortiGate and connected the ISL between the stack in order to more efficiently use the hardware switching?
My goal is to have both 10GB ports on the HPE/Xen hosts active load balanced while only 1 FortiGate is actively processing.
I appreciate your time and assistance.