Meraki

Community

HA between MS 425 CoreSwitch to Fortigate Firewall

Raffick
Comes here often
‎Sep 10 2021 1:45 PM
‎Sep 10 2021 1:45 PM

HA between MS 425 CoreSwitch to Fortigate Firewall

Dears , We need your support to make a HA connection between MS452 core switch to Fortigate 1000D firewall, we tried to connect 10Gb SFP in Meraki side and 1Gb SFP in FIrewall but the port not come online, Already both Core switch in STACK, how can we get the redundant link incase of switch 1 or switch 2 failure. Please find the attached below STACK image , we need to connect like below, and Port configuration also shared below,

 

switch1 - Port 29 --> Firewall 1

switch1 - Port 31 --> Firewall 2

 

switch2 - Port 29 --> Firewall 1

switch2 - Port 31 --> Firewall 2

 

Raffick_0-1631306519947.png

 

Raffick_1-1631306675495.png

 

 

 

KAR_HA.jpg

Labels:
0 Kudos
8 Replies 8
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 10 2021 2:24 PM
‎Sep 10 2021 2:24 PM

The SFPs on both sides have to match. You should use 10G SFP+ on both sides of the link.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
In response to KarstenI
Raffick
Comes here often
‎Sep 10 2021 2:29 PM
‎Sep 10 2021 2:29 PM

Hi  Karstenl, But the Fortigate only support 1Gb, 

0 Kudos
In response to Raffick
cmr
Kind of a big deal
Kind of a big deal
‎Sep 10 2021 3:06 PM
‎Sep 10 2021 3:06 PM

@Raffick Then you need 1Gb SFP modules in the MS425 or if you have a dual speed module then you might be able to set it to forced 1000Mb

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to Raffick
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 10 2021 11:14 PM
‎Sep 10 2021 11:14 PM

@Raffick wrote:

Hi  Karstenl, But the Fortigate only support 1Gb, 

Is it really a 1000D? That one supports 10Gig with SFP+ modules.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to KarstenI
Raffick
Comes here often
‎Sep 11 2021 3:06 AM
‎Sep 11 2021 3:06 AM

Yes , Fortigate have 2 10Gb port, but here the challenge is its not support aggregate between two 10Gb port, I need to connect 2 connection from core 1 and core 2 to Firewall,

0 Kudos
In response to Raffick
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Sep 12 2021 12:50 PM
‎Sep 12 2021 12:50 PM

@Raffick  You need to mathc SFP module speed at each each as already mentioned. If the Fortigate doesn't support link aggreation on its 10Gb ports then you will need to use a 1Gb port. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
Bruce
Kind of a big deal
‎Sep 10 2021 3:41 PM
‎Sep 10 2021 3:41 PM

@Raffick, once you’ve replaced the SFP+ modules with SFP and got your links working at 1Gbps, you might want to create an aggregation port too. Select port 29 from both switches and create and aggregation, and likewise for port 31, so you end up with two logical links. On the FortiGates you also create aggregation ports, two ports on Firewall 1, and then two ports on Firewall 2. 

Inderdeep
Kind of a big deal
Kind of a big deal
‎Sep 10 2021 4:44 PM
‎Sep 10 2021 4:44 PM

@Raffick : It is important to understand that you need to match the SFP or SFP+ on both side.

Regards/Inder
Cisco IT Blogs awarded in 2020 & 2021
www.thenetworkdna.com
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.