HA between MS 425 CoreSwitch to Fortigate Firewall

Raffick
Comes here often


Dears, we need your support to make an HA connection between an MS425 core switch and a FortiGate 1000D firewall. We tried to connect a 10Gb SFP on the Meraki side and a 1Gb SFP on the firewall, but the port does not come online. Both core switches are already in a stack; how can we get a redundant link in case of switch 1 or switch 2 failure? Please find the stack image attached below. We need to connect as shown below, and the port configuration is also shared below.

 

switch1 - Port 29 --> Firewall 1
switch1 - Port 31 --> Firewall 2

switch2 - Port 29 --> Firewall 1
switch2 - Port 31 --> Firewall 2

Raffick_0-1631306519947.png

Raffick_1-1631306675495.png

KAR_HA.jpg

KarstenI
Kind of a big deal

The SFPs on both sides have to match. You should use 10G SFP+ on both sides of the link.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Raffick
Comes here often

Hi KarstenI, but the FortiGate only supports 1Gb.

cmr
Kind of a big deal

@Raffick Then you need 1Gb SFP modules in the MS425, or if you have a dual-speed module then you might be able to set it to forced 1000Mb.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
KarstenI
Kind of a big deal


@Raffick wrote:

Hi KarstenI, but the FortiGate only supports 1Gb.

Is it really a 1000D? That one supports 10Gig with SFP+ modules.

Raffick
Comes here often

Yes, the FortiGate has 2 10Gb ports, but the challenge here is that it does not support aggregation between the two 10Gb ports. I need to connect 2 connections from core 1 and core 2 to the firewall.

BlakeRichardson
Kind of a big deal

@Raffick You need to match SFP module speed at each end, as already mentioned. If the FortiGate doesn't support link aggregation on its 10Gb ports then you will need to use a 1Gb port.

Bruce
Kind of a big deal

@Raffick, once you’ve replaced the SFP+ modules with SFP and got your links working at 1Gbps, you might want to create an aggregation port too. Select port 29 from both switches and create an aggregation, and likewise for port 31, so you end up with two logical links. On the FortiGates you also create aggregation ports, two ports on Firewall 1, and then two ports on Firewall 2.

Inderdeep
Kind of a big deal

@Raffick: It is important to understand that you need to match the SFP or SFP+ on both sides.

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com