Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Best Practices

    Home FortiProxy 7.2.0 Best Practices
    7.2.0
    7.6.0
    7.4.0
    7.2.0

    High availability and redundancy

    High availability and redundancy

    Downtime due to an unexpected network failure negatively impacts business operations. For some companies, some downtime is acceptable; for others, any downtime is unacceptable. Determine your uptime requirements, and ensure that your network has the resilience to meet those requirements.

    Building a resilient network costs more initially, as it can include HA, cold standby spares, multiple internet circuits, premium supports contracts, and more.

    High availability

    HA provides resilience not only in the event of a cluster member failing, but also allows for firmware updates without any downtime. Several HA options are supported by FortiProxy: Stand-Alone, Active-Passive, and Config-Sync (Active-Active).

    Assess your environment and budget to determine what options are most appropriate for your use case.

    Redundant and aggregate links

    Using multiple interfaces and links adds resiliency if one link fails, and increases throughput at a lower cost than using a single link with a larger throughput. For example, a 10 GB interface can be less than half the cost of a 20 GB interface.

    When using multiple links to connect your FortiProxy to the LAN, asses your network for single points of failure. For example, if both links connect to a single switch, and that switch fails, then you could experience an outage. If a single FortiProxy is used in the network path, a failure on that FortiProxy would also disrupt traffic. A full mesh switching solution along with FortiProxy HA could be used so that no single link, switch, or proxy is a point of failure that could disrupt the entire network. For information on FortiSwitch architectures that can deploy such redundancy, see the FortiSwitch documentation.

    Previous
    Next

    High availability and redundancy

    High availability and redundancy

    Downtime due to an unexpected network failure negatively impacts business operations. For some companies, some downtime is acceptable; for others, any downtime is unacceptable. Determine your uptime requirements, and ensure that your network has the resilience to meet those requirements.

    Building a resilient network costs more initially, as it can include HA, cold standby spares, multiple internet circuits, premium supports contracts, and more.

    High availability

    HA provides resilience not only in the event of a cluster member failing, but also allows for firmware updates without any downtime. Several HA options are supported by FortiProxy: Stand-Alone, Active-Passive, and Config-Sync (Active-Active).

    Assess your environment and budget to determine what options are most appropriate for your use case.

    Redundant and aggregate links

    Using multiple interfaces and links adds resiliency if one link fails, and increases throughput at a lower cost than using a single link with a larger throughput. For example, a 10 GB interface can be less than half the cost of a 20 GB interface.

    When using multiple links to connect your FortiProxy to the LAN, asses your network for single points of failure. For example, if both links connect to a single switch, and that switch fails, then you could experience an outage. If a single FortiProxy is used in the network path, a failure on that FortiProxy would also disrupt traffic. A full mesh switching solution along with FortiProxy HA could be used so that no single link, switch, or proxy is a point of failure that could disrupt the entire network. For information on FortiSwitch architectures that can deploy such redundancy, see the FortiSwitch documentation.

    Previous
    Next