I wonder if the spare MX in HA Mode forwards traffic or not (if both ports have the same VLAN)?
Please help me clarify it!
so if I want to deploy full-mesh 2 MXs with 2 Fortigate like below topology, can you recommend me the configuration for both firewall pairs!
I would leave the "black" link between the MX's. I would single connect each Fortigate to its nearest MX. Then you wont have any loops.
But both MXs can not see each other and we can not create a warm-spare setup.
(According to Fortigate, the Slave FG does not forward traffic.)
If you leave the black link in between the two MXs then they will be able to see each other. They are directly plugged into each other.
If the slave Fortigate does not forward traffic then you don't have a problem.
yes, I misunderstood "leave" action :). Exactly what I think the most possible topology.
Thank you for confirming again!
How interesting! You have selected the same combo of firewalls, and placed them in the same order as I have... but
on my go-live I keep having spanning tree issues (I think) that are taking too long a time to resolve and that prevents my go-live and I have to back out 😞
My fortigates are slightly different, I think, as I am told they are an active active cluster in transparent mode, the thinking being should benefit from the additional processing power, at the expense of a few discontinued sessions if there were to be a failure. We also want to do WAN/ISP + VPN tunnel load balancing to complete the redundancy
in our network...
My interconnections at the wiring level are exactly as you proposed in your diagram...
Would you be able to post a diagram of your functional solution once implemented?
Thanks a million,