stacking switch link to Fortigate HA

We have 2 Fortigate 101 units configured as HA Active-Passive. Port 1 on both devices is connected to one of our internal switches, but recently our switch became faulty and we are planning to buy 2 units and stack the switches together to have redundancy.

Please advise: to achieve this, do I need to configure aggregation of two ports and configure POL on the switch ports?

Fortigate HA

You can use one LACP aggregate per Fortinet with both the switches on the opposite side (the 2 blue links on your schema would be one of them, the 2 orange the other), which would be the best setup.

Without aggregates, you'd need to throw in some spanning tree or make sure the Fortinets do not allow traffic to flow from one interface to the other. I recollect there is an option in Fortinets when setting up port groups. But anyway, the above is much more reliable.

Author

Commented:
Please help to verify that the configuration is correct. My firewall is running in active-passive HA mode.

FW01 and FW02: port 15 and port 16 reconfigured as an aggregated interface

SW01 Gi1/0/47~48 as POL101
SW02 Gi2/0/47~48 as POL101


FW01 port 15 -- SW01 Gi1/0/47
FW01 port 16 -- SW02 Gi2/0/47

FW02 port 15 --SW02 Gi1/0/48
FW02 port 16 --SW02 Gi2/0/48

Seems good, except you used po101 twice on the stack. I would assume a typo: you should use 2 different aggregates.

Sw1 port47 with sw2 port 47
And
Sw1 port48 with sw2 port 48

If everything works as expected, you can unplug one switch and one firewall without issues, or unplug any 3 cables among the 4.
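
The checks discussed in this answer, written out as an added example that is not part of the original thread: it flags a port-channel that bundles links to two different firewalls and tests the two failure cases named above. The name `Po102` for the second aggregate is an assumption, and the model assumes HA fails over to whichever firewall still has a live member link.

```python
from itertools import combinations

# Constructed plan: (firewall, fw_port, stack_member, switch_port, port_channel).
# "Po102" is an assumed name for the second aggregate; the thread only names 101.
FIXED = [
    ("FW01", "port15", "SW01", "Gi1/0/47", "Po101"),
    ("FW01", "port16", "SW02", "Gi2/0/47", "Po101"),
    ("FW02", "port15", "SW01", "Gi1/0/48", "Po102"),
    ("FW02", "port16", "SW02", "Gi2/0/48", "Po102"),
]
# Same cabling with every switch port placed in one port-channel.
SINGLE_PO = [link[:4] + ("Po101",) for link in FIXED]

def design_errors(links):
    """Return static design problems found in the cabling plan."""
    errors = []
    for po in sorted({l[4] for l in links}):
        partners = sorted({l[0] for l in links if l[4] == po})
        if len(partners) > 1:  # one LACP bundle must face a single partner device
            errors.append(f"{po} bundles links to {' and '.join(partners)}")
    for fw in sorted({l[0] for l in links}):
        if len({l[2] for l in links if l[0] == fw}) < 2:
            errors.append(f"{fw} aggregate lands on a single stack member")
    return errors

def survives(links, dead_nodes=(), dead_cables=()):
    """True if some firewall still has a live link to a live stack member."""
    return any(l[0] not in dead_nodes and l[2] not in dead_nodes
               and l not in dead_cables for l in links)

def failure_report(links):
    """Evaluate the two failure cases named in the thread (physical links only)."""
    fws = sorted({l[0] for l in links})
    sws = sorted({l[2] for l in links})
    node_ok = all(survives(links, dead_nodes=(f, s)) for f in fws for s in sws)
    cable_ok = all(survives(links, dead_cables=c) for c in combinations(links, 3))
    return {"one_fw_plus_one_switch": node_ok, "any_3_of_4_cables": cable_ok}

if __name__ == "__main__":
    for name, plan in (("single Po", SINGLE_PO), ("two Po", FIXED)):
        print(name, design_errors(plan) or "design OK", failure_report(plan))
```

`failure_report` only models physical connectivity, so it is meaningful once `design_errors` returns an empty list.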

Author

Commented:
Thanks for the advice. I forgot that stacked switches will form one logical switch.

I will configure two POLs.