Hi!I want to set up HA with fortigate firewalls like: switch - fw - switch internet ---> | | | --> LAN switch - fw - switch and appropriate interconnections between the switches -> is this possible with the GS716TV3?can I get some config examples? Trying to eliminate the switches as single points of failure thanks for looking Model: GS716Tv3|ProSafe 16 ports Gigabit Smart switch

yagyu, Welcome to our community! :) May I know what do you want to achieve here? The firewall should be the one that is connected to the internet first before the switch. Do you have a multi-WAN setup? Regards, John NETGEAR Community Team

yagyu wrote:I want to set up HA with fortigate firewalls like: switch - fw - switch internet ---> | | | --> LAN switch - fw - switchYes, with Internet connections providing plain IP on the WAN connection (no PPTP, no PPPoE, ...), and permitting you don't expect e.g some L3 features like routing or VRRP, this can be configured with any switch. General advise: Consult with your firewall vendor for HA/failover/cluster configurtion switch requirements. JohnC_V no Multi-WAN and so on required for such a HA set-up. HA capable firewalls from Fortigate, Sonicwall, or ZyXEL (this isn't consumer ****) are supporting virtual MAC addresses. FMI:HA Cluster virtual MAC addresses

Curious how you intend to connect what akes up the "Internet" at your site - typically a device with just one port - should be connected in a full HA set-up.

Hi JohnI want to have redundant firewalls in case one dies it's not a SPOF.To achieve this I need a switch to aggregate my 2 firewalls and 1 internet circuit line.Just like this contraption: https://docs.fortinet.com/document/fortigate/6.4.2/administration-guide/900885/ha-active-passive-cluster-setup To go one better I want 2 switches in HA too if I can. Matt

yagyu wrote:To go one better I want 2 switches in HA too if I can.And a little assistant changing the link to the Internet line in the failure case? This is what we implement in basic HA environments - you can add two additional switches on the Internet side of you desire:

GS716Tv3 Ha SETUP | NETGEAR Communities

5 Replies

JohnC_V
NETGEAR Employee Retired
Feb 24, 2021
yagyu,

Welcome to our community! :)

May I know what do you want to achieve here? The firewall should be the one that is connected to the internet first before the switch. Do you have a multi-WAN setup?

Regards,

John

NETGEAR Community Team
- yagyu
  Aspirant
  Feb 26, 2021
  Hi John
  I want to have redundant firewalls in case one dies it's not a SPOF.
  To achieve this I need a switch to aggregate my 2 firewalls and 1 internet circuit line.
  Just like this contraption:
  
  https://docs.fortinet.com/document/fortigate/6.4.2/administration-guide/900885/ha-active-passive-cluster-setup
  
  To go one better I want 2 switches in HA too if I can.
  
  Matt
  - schumaku
    Guru - Experienced User
    Feb 27, 2021
    yagyu wrote:
    To go one better I want 2 switches in HA too if I can.
    And a little assistant changing the link to the Internet line in the failure case?
    
    This is what we implement in basic HA environments - you can add two additional switches on the Internet side of you desire:
schumaku
Guru - Experienced User
Feb 24, 2021
yagyu wrote:
I want to set up HA with fortigate firewalls like:
                   switch   -     fw - switch
internet --->    |               |         |              --> LAN
                   switch    -   fw    - switch
Yes, with Internet connections providing plain IP on the WAN connection (no PPTP, no PPPoE, ...), and permitting you don't expect e.g some L3 features like routing or VRRP, this can be configured with any switch.

General advise: Consult with your firewall vendor for HA/failover/cluster configurtion switch requirements.

JohnC_V no Multi-WAN and so on required for such a HA set-up. HA capable firewalls from Fortigate, Sonicwall, or ZyXEL (this isn't consumer ****) are supporting virtual MAC addresses. FMI:HA Cluster virtual MAC addresses
- schumaku
  Guru - Experienced User
  Feb 24, 2021
  Curious how you intend to connect what akes up the "Internet" at your site - typically a device with just one port - should be connected in a full HA set-up.

Forum Discussion

GS716Tv3 Ha SETUP

5 Replies

Related Content

Orbi RBR750 working with GS716Tv3 working with VLANS

GS716Tv3 Letter of Volatility

GS716Tv3 IGMP Snooping breaks IPV6 SLAAC

HA setup between GS716Tv3 switches?

setup problems

NETGEAR Academy

ProSupport for Business