Fortinet Document Library

Version:

Version:


Table of Contents

FortiGate-7000F Handbook

Download PDF
Copy Link

Using M3 interfaces for HA heartbeat and M1 interfaces in a LAG for session synchronization

This example shows how to set up the following HA heartbeat and session synchronization connections between two FortiGate-7121F chassis:

  • Redundant HA heartbeat communication over the 1-M3 and 2-M3 interfaces of each chassis. The HA heartbeat interfaces are connected together with a FortiSwitch.

  • Session synchronization over a LAG consisting of the 1-M1 and 2-M1 interfaces of each chassis. The session synchronization LAGs are also connected together with a FortiSwitch.

This example uses FortiSwitches, but you can use any compatible switch configuration.

FortiGate-7121F HA configuration

On both chassis, create the following LAG for session synchronization communication:

config system interface

edit MLag

set type aggregate

set member 1-M1 2-M1

end

Chassis 1 would have the following HA configuration:

config system ha

set group-id <id>

set group-name <name>

set mode a-p

set hbdev 1-M3 100 2-M3 100

set chassis-id 1

set hbdev-vlan-id 4092

set hbdev-second-vlan-id 4091

set session-sync-dev MLag

set session-pickup enable

set session-pickup-connectionless enable

set session-pickup-expectation enable

set password <password>

end

Chassis 2 would have the following HA configuration:

config system ha

set group-id <id>

set group-name <name>

set mode a-p

set hbdev 1-M3 100 2-M3 100

set chassis-id 2

set hbdev-vlan-id 4092

set hbdev-second-vlan-id 4091

set session-sync-dev MLag

set session-pickup enable

set session-pickup-connectionless enable

set session-pickup-expectation enable

set password <password>

end

HA heartbeat switch configuration

The FortiSwitch has the following configuration for the HA heartbeat interfaces:

Switch interface port23.1 is connected to the 1-M3 interface of chassis 1.

config switch interface

edit port23.1

set native-vlan 295

set allowed-vlans 4092

set auto-discovery-fortilink enable

set snmp-index 23

end

Switch interface port23.3 is connected to the 2-M3 interface of chassis 1.

config switch interface

edit port23.3

set native-vlan 294

set allowed-vlans 4091

set stp-state disabled

set auto-discovery-fortilink enable

set snmp-index 59

end

Switch interface port24.1 is connected to the 1-M3 interface of chassis 2.

config switch interface

edit port24.1

set native-vlan 295

set allowed-vlans 4092

set auto-discovery-fortilink enable

set snmp-index 24

end

Switch interface port24.3 is connected to the 2-M3 interface of chassis 2.

config switch interface

edit port24.3

set native-vlan 294

set allowed-vlans 4091

set stp-state disabled

set auto-discovery-fortilink enable

set snmp-index 48

end

Session synchronization switch configuration

The FortiSwitch has the following configuration for the session synchronization interfaces:

Create the following trunk for the Chassis 1 LAG:

config switch trunk

edit CH1_13_Mlag

set mode lacp-active

set members port25 port29

end

Create the following trunk for the Chassis 2 LAG:

config switch trunk

edit CH2_11_Mlag

set mode lacp-active

set members port26 port30

end

Configure the Chassis 1 LAG trunk interface:

config switch interface

edit CH1_12_MLag

set native-vlan 297

set snmp-index 46

end

Configure the Chassis 2 LAG trunk interface:

config switch interface

edit CH2_11_Mlag

set native-vlan 297

set snmp-index 51

end

Using M3 interfaces for HA heartbeat and M1 interfaces in a LAG for session synchronization

This example shows how to set up the following HA heartbeat and session synchronization connections between two FortiGate-7121F chassis:

  • Redundant HA heartbeat communication over the 1-M3 and 2-M3 interfaces of each chassis. The HA heartbeat interfaces are connected together with a FortiSwitch.

  • Session synchronization over a LAG consisting of the 1-M1 and 2-M1 interfaces of each chassis. The session synchronization LAGs are also connected together with a FortiSwitch.

This example uses FortiSwitches, but you can use any compatible switch configuration.

FortiGate-7121F HA configuration

On both chassis, create the following LAG for session synchronization communication:

config system interface

edit MLag

set type aggregate

set member 1-M1 2-M1

end

Chassis 1 would have the following HA configuration:

config system ha

set group-id <id>

set group-name <name>

set mode a-p

set hbdev 1-M3 100 2-M3 100

set chassis-id 1

set hbdev-vlan-id 4092

set hbdev-second-vlan-id 4091

set session-sync-dev MLag

set session-pickup enable

set session-pickup-connectionless enable

set session-pickup-expectation enable

set password <password>

end

Chassis 2 would have the following HA configuration:

config system ha

set group-id <id>

set group-name <name>

set mode a-p

set hbdev 1-M3 100 2-M3 100

set chassis-id 2

set hbdev-vlan-id 4092

set hbdev-second-vlan-id 4091

set session-sync-dev MLag

set session-pickup enable

set session-pickup-connectionless enable

set session-pickup-expectation enable

set password <password>

end

HA heartbeat switch configuration

The FortiSwitch has the following configuration for the HA heartbeat interfaces:

Switch interface port23.1 is connected to the 1-M3 interface of chassis 1.

config switch interface

edit port23.1

set native-vlan 295

set allowed-vlans 4092

set auto-discovery-fortilink enable

set snmp-index 23

end

Switch interface port23.3 is connected to the 2-M3 interface of chassis 1.

config switch interface

edit port23.3

set native-vlan 294

set allowed-vlans 4091

set stp-state disabled

set auto-discovery-fortilink enable

set snmp-index 59

end

Switch interface port24.1 is connected to the 1-M3 interface of chassis 2.

config switch interface

edit port24.1

set native-vlan 295

set allowed-vlans 4092

set auto-discovery-fortilink enable

set snmp-index 24

end

Switch interface port24.3 is connected to the 2-M3 interface of chassis 2.

config switch interface

edit port24.3

set native-vlan 294

set allowed-vlans 4091

set stp-state disabled

set auto-discovery-fortilink enable

set snmp-index 48

end

Session synchronization switch configuration

The FortiSwitch has the following configuration for the session synchronization interfaces:

Create the following trunk for the Chassis 1 LAG:

config switch trunk

edit CH1_13_Mlag

set mode lacp-active

set members port25 port29

end

Create the following trunk for the Chassis 2 LAG:

config switch trunk

edit CH2_11_Mlag

set mode lacp-active

set members port26 port30

end

Configure the Chassis 1 LAG trunk interface:

config switch interface

edit CH1_12_MLag

set native-vlan 297

set snmp-index 46

end

Configure the Chassis 2 LAG trunk interface:

config switch interface

edit CH2_11_Mlag

set native-vlan 297

set snmp-index 51

end