Please note that the software switch was configured using instructions provided directly by the FortiGate documentation and support team. Conversely, the FortiGate command line cannot ping or reach the systems plugged into the soft switch. It appears that devices plugged into the software switch ports can communicate with each other, but they cannot reach the IP configured for the software switch "interface" of the FortiGate on the same subnet.

This solution has worked for this specific scenario; it may not work in other scenarios.

I'm trying to get a software switch configuration working on a FortiGate 100D.

If you know a better solution for this, let me know too ❤ We had to design this workaround for temporary usage. I'm sharing this article because I could not find any article on this specific scenario. Also, to get the best out of this solution you should cable it exactly like this (Cross). In case you need to implement this in your production environment, make sure to take backups of the existing configuration and mark the cables properly.

Let me know if we have a workaround for that. In that rare scenario there will be a complete service outage. As far as I know, this FortiGate limitation exists in the newest 6.4.x series too. For that reason, automatic failover is not possible if the illustrated active cable (or interface) becomes faulty or malfunctions. In FortiGate, High Availability cannot monitor virtual switches. Limitations in Virtual Switch configuration.

Reason for state change: Incorrect configuration - Local cluster member has fewer cluster interfaces configured compared to other cluster member(s)

Due to that, LACP was not an option. Due to that, failover will never happen! FortiGate keeps its passive appliance's interfaces inactive, whereas Checkpoint keeps its interfaces up and manages the communications via virtual IP addresses. The reason is that Checkpoint will identify the FortiGate secondary firewall's interfaces as down.
However, Checkpoint HA status will be Active-Down. What if we use LACP (aggregates) rather than these virtual switches?

FortiGate HA will not show any issue because it works as Active-Passive.

Tested operating systems: FortiGate FortiOS 6.2.3 | Checkpoint R80.30 | Hardware appliances with physical connectivity.

But it works.

FortiGate HA status: Active-Passive: Hardware failover & monitored interface failover work without issue.

Checkpoint HA status: Active-Standby: Hardware failover & monitored interface failover work without issue.

| Operation Mode: Active-Backup | Three IP addresses: Each cluster & VIP

FortiGate: Virtual Switch with 2 physical interfaces. Checkpoint Bond: with 2 physical interfaces.