M4300 SFP Port Trunking Issues

Hi Daniel,

I fixed the failover problem by enabling the dynamic LACP mode in both stack and layer 2 switch. Awesome!

for the question 1, I would like to reply the your suggestion first

1. Yes, master and slave a connect with same subnet address and has 1s heartbeat to detect each other

2. and 3. The firewall doesn't have virtual IP, it not the same as the VRRP standard protocol, instead, they sync the setting from each other, that means firewall A and B has the exact same setting except the heartbeat interface, so the only way I can identify them are the heartbeat interface. also, when I have switch and connect both firewall at the same time with the eth ip address, i'm always connected to the firewall A if it is in normal state, once it failed, i will redirect to firewall B. in this situation, the virtual ip is not a must I think?

4. I cannot find any setting on the Firewall about dynamic LACP (I think this is the key), the firewall has the option called "Link state detection" which allow me to set an IP address to have periodic check like heartbeat, I set 192.168.100.1 in that field

5. Yes, I have this setup and it's already enabled

Test

1. unplug  eth 3 / 4 at the same time in Firewall A

yes, Firewall B became Active, and LAG to Firewall A was down in switch stack, LAG to Firewall B is still up, when I plug back eth 3 and 4 at Firewall A, it become Active again, and B to standby (So, it obviously detect the link failure!!!!)

2. set LAG to Firewall A and B to dynamic LACP

since I don't have any setting that allow me to enable dynamic LACP, yes, the state was changed to down as expected

I think LACP is the key but I cannot prove it, I'm going to upload my log, you may have a check on it. Thanks for helping me a lot