He. I have setup my 2 Fortigate 100F in a HA configuration and set management IP adresses to both the Master and the Slave after your instructions. The problem is that it is only the active master that answers on both the management IP and the "clusterd" IP. Have i missed some settings?
Hi Adam,HA ..FortigateA-Port2(10.1.1.1)-----MPLS Point to Point----(10.1.1.2)Port2--FortigateB . A and B have same mac address and they are able to ping each other..as per my knowledge A and B is in same broadcast domain then it should show mac address conflict.how they are able to ping ?any technical view appreciated
When high availability is in use, the firewall assigns virtual Mac addresses in addition to the physical Mac addresses of the interfaces to pass traffic. So a real simple answer to you my friend is that HA interfaces can have multiple Mac addresses.
I believe the version of gns3 that's coming out soon has hardware acceleration for qemu so you don't have to use the VM anymore. it is labeled experimental but I will definitely delve into it when I get some timeand I'm planning on redoing my building a lab videos once gns3 2.2 comes out and it should support this feature.
@@DevinAdams Thanks Deivn so better for me i have to use KVM images ? if i done any projects or file in images like paloAlto or FTD automatically will save or i have to use somethings ?
@@osmansalah7687 well I'll be a monkey's Uncle, it is! Okay I'll put on my to-do list. I still need to finish my bgp lab, how to configure a radius server, and also how to do an h a firmware upgrade before I get around to it. Thanks for letting me know.
Haha! Dude! you realize I just recorded like 20 videos!! I ran out of time and I got to go take my test. But I actually was in the middle of lapping it up when my timer went off. I'll finish it sometime this weekend and upload it but I'll make sure to film creating everything from scratch. Thanks for watching!
Hi, I came here to review best practices for HA... you can most certainly get to the CLI of the standby unit over the FGCP synchronization links. It's the "execute ha manage" command.
Well presented Devin, funny to
He. I have setup my 2 Fortigate 100F in a HA configuration and set management IP adresses to both the Master and the Slave after your instructions. The problem is that it is only the active master that answers on both the management IP and the "clusterd" IP. Have i missed some settings?
Hi do you set your gateway on the Ha ports i have 4 fortigates in a cluster and would like to do the same for management
Awesome on spot demonstration!
Hi did you ever do a HA configuration on SD-Wan link
Hi Adam,HA ..FortigateA-Port2(10.1.1.1)-----MPLS Point to Point----(10.1.1.2)Port2--FortigateB . A and B have same mac address and they are able to ping each other..as per my knowledge A and B is in same broadcast domain then it should show mac address conflict.how they are able to ping ?any technical view appreciated
When high availability is in use, the firewall assigns virtual Mac addresses in addition to the physical Mac addresses of the interfaces to pass traffic. So a real simple answer to you my friend is that HA interfaces can have multiple Mac addresses.
@@DevinAdams Thanks for the reply but when i create Manual ARP on B router I am not able ping both way
just make sure your two clusters have different group-id's as the HA virtual mac's are defined by the group-id
Super! Devin - Well done :-)
Hi Devin, can you please make a small video in upgrading Firmware in HA?
It might be a bit but I'll definitely add it to the Todo list!
Very nice explain sir
Good job can you make video for how to use Windows Qemu into GNS3
thanks a lot Devin
I believe the version of gns3 that's coming out soon has hardware acceleration for qemu so you don't have to use the VM anymore. it is labeled experimental but I will definitely delve into it when I get some timeand I'm planning on redoing my building a lab videos once gns3 2.2 comes out and it should support this feature.
@@DevinAdams Thanks Deivn
so better for me i have to use KVM images ?
if i done any projects or file in images like paloAlto or FTD automatically will save or i have to use somethings ?
@@DevinAdams GNS3 2.2.0 it's already came out and ready
@@osmansalah7687 well I'll be a monkey's Uncle, it is! Okay I'll put on my to-do list. I still need to finish my bgp lab, how to configure a radius server, and also how to do an h a firmware upgrade before I get around to it. Thanks for letting me know.
stay focus
What is your fortianlayzer version ?
I believe it is 6.0.0
Plase one practice of Advpn whit multi AS in BGP
Haha! Dude! you realize I just recorded like 20 videos!! I ran out of time and I got to go take my test. But I actually was in the middle of lapping it up when my timer went off. I'll finish it sometime this weekend and upload it but I'll make sure to film creating everything from scratch. Thanks for watching!
Hi, I came here to review best practices for HA... you can most certainly get to the CLI of the standby unit over the FGCP synchronization links. It's the "execute ha manage" command.
mic muff