Setting up HA management connections
Fortinet recommends the following configurations for redundant management connections to a FortiGate-7000E HA configuration.
- Single management connections to each of the FIMs.
- Redundant management connections to each of the FIMs.
These management connections involve connecting the static redundant management interfaces (MGMT1 to MGMT4) of each FIM in the HA configuration to one or more switches. You do not have to change the FortiGate-7000E configuration to set up redundant management connections. However, specific switch configurations are required for each of these configurations as described below.
LACP is not supported for the mgmt aggregate interface. |
Setting up single management connections to each of the FIMs
The simplest way to provide redundant management connections to a FortiGate-7000E HA configuration involves connecting the MGMT1 interface of each of the FIMs to four ports on a switch. On the switch you must add the four switch ports to the same VLAN. Then connect the switch to your management network and allow traffic from the VLAN to the management network.
A FortiGate-7030E HA configuration only has two FIMs so would only require two switch ports. |
Example FortiGate-7000E HA redundant management connections
Setting up redundant management connections to each of the FIMs
You can enhance redundancy by setting up two redundant management connections to each FIM. To support this configuration, on the switch you must create a port channel for each FIM interface. Create a total of four port channels, one for each FIM and add each of the port channels to the same VLAN. Then connect the switch to your management network and allow traffic from the VLAN to the management network.
If you use two switches, the VLAN should span across both switches.
A FortiGate-7030E HA configuration only has two FIMs so would only require two port channels. |
Example FortiGate-7000E HA redundant management connections with redundant connections to each FIM