Thanks Mike. Would probably suggest going to switch 1 and middle switch in your stack rather than the last switch - technically the first and last would be the same as doing the first and second switches in the stack. This will give you the best chance of not exceeding your max STP depth in the case that one of your 'stack' links goes down.
informative video. thank you. I do believe that hardware stack - dedicated stack ports - will greatly simplify the cabling and also improve throughput (on the backplane).
Hello Mike, Just a quick question, i would like to have 2-Isp failover and FortiGate HA, but my question is: can i have 2x FortiSwitches run a failover ? So if 1x Switch fails then Secondary switch will take place. thank you
Turn on SD-WAN on the FortiGate then use switches north of the FortiGate. If you want to do it without buying a switch you can do that too. Plug one ISP in FortiGate A, then the other ISP into FortiGate B. Configure a hardware based switch on both FortoGates and cross link them.
I'd set up 2 ISP VLANs on the switch side and use one port on one switch for ISP 1, then another port on the other switch for ISP 2. Then you could add those two VLAN interfaces as SD-WAN interfaces and continue configuring from there.
Hi Mohamed. You'll need a firewall that is capable of 802.3ad link aggregation. Go to Network -> Interfaces, and create a new interface, then select the 802.3ad link aggregation "type" from the drop-down box. If your fortigate doesn't have that option, then you won't be able to do it. Please note that for high-end firewalls, you want to make sure the links you're aggregating are attached to the same NPU if possible.
Hello there, What about MC-LAG? I am looking to do MC-LAG for downstream (my servers). Can I use this setup and still do MC-LAG? When I read the documentation it seems like you cannot "forti link with split interface disabled" I will have only 2 switches in my Data Center and 10+ on branches.. Which seems that I am going to need FortiLink layer 3.. - docs.fortinet.com/document/fortiswitch/latest/devices-managed-by-fortios/780635/switch-redundancy-with-mclag
Thanks Mike. Would probably suggest going to switch 1 and middle switch in your stack rather than the last switch - technically the first and last would be the same as doing the first and second switches in the stack. This will give you the best chance of not exceeding your max STP depth in the case that one of your 'stack' links goes down.
informative video. thank you. I do believe that hardware stack - dedicated stack ports - will greatly simplify the cabling and also improve throughput (on the backplane).
I don’t see fortinet going that far. I may be wrong though. I think they like the idea of any port being a “stack” port
Love the video next time use a darker marker hard to see. Thanks again
Thanks Mike. What happens when the stack is connect to a pair of switches with fiber ports?
Just wondering if this is possible for active-active HA setup?
Hello Mike, Just a quick question, i would like to have 2-Isp failover and FortiGate HA, but my question is: can i have 2x FortiSwitches run a failover ? So if 1x Switch fails then Secondary switch will take place. thank you
As long as you duplicate ports and make sure the VLAN is utilized for internet and monitoring you would be fine.
does Fortinet has Core SW? in Cisco the Access SW I stack them and connect this stack to the Core SW. connect the Core SW to the ASA.
Great video!
Can you please do Fortigate HA with redundant ISP?
Sure, that will be my next video to do. Possibly this weekend!
Turn on SD-WAN on the FortiGate then use switches north of the FortiGate. If you want to do it without buying a switch you can do that too. Plug one ISP in FortiGate A, then the other ISP into FortiGate B. Configure a hardware based switch on both FortoGates and cross link them.
I'd set up 2 ISP VLANs on the switch side and use one port on one switch for ISP 1, then another port on the other switch for ISP 2. Then you could add those two VLAN interfaces as SD-WAN interfaces and continue configuring from there.
Is using a LAG LACP an option instead of a redundant link or are any cons?
How can i link aggregate two links for fortilink to increase the fortilink through put from 1GB to 2GB or more
Hi Mohamed. You'll need a firewall that is capable of 802.3ad link aggregation. Go to Network -> Interfaces, and create a new interface, then select the 802.3ad link aggregation "type" from the drop-down box. If your fortigate doesn't have that option, then you won't be able to do it. Please note that for high-end firewalls, you want to make sure the links you're aggregating are attached to the same NPU if possible.
Gr8!! Thank u
Hello there,
What about MC-LAG? I am looking to do MC-LAG for downstream (my servers). Can I use this setup and still do MC-LAG? When I read the documentation it seems like you cannot "forti link with split interface disabled" I will have only 2 switches in my Data Center and 10+ on branches.. Which seems that I am going to need FortiLink layer 3.. - docs.fortinet.com/document/fortiswitch/latest/devices-managed-by-fortios/780635/switch-redundancy-with-mclag
Is it possible to setup two sets(or more) of fortilink?
Joe Hsu 3 possibilities to build a switch stack. But only 1 stack can be build on a fortigate. In what scenario would you want to use more fortilinks?
Yes you can. You can via CLI. There is a CLI command to allow multiple fortilink interfaces
very bad pen used for such a good video