FortiGate
Article Id 195565


Description: This article describes issues about operating FortiGate clusters with third-party layer-3 switches.
Products: FortiGate Antivirus Firewalls with FortiOS v2.80, operating in High Availability mode.
Details

After a failover, the new primary unit sends special ARP packets to refresh the MAC forwarding tables of the switches connected to the cluster. If the cluster is connected using layer-2 switches, the MAC forwarding tables are refreshed by the special ARP packets and the switches start directing packets to the new primary unit.

In some configurations that use layer-3 switches, the layer-3 switches may not successfully redirect traffic to the new primary cluster unit after a failover. A likely reason is that the layer-3 switch keeps its own table of IP addresses and interfaces and may not update this table for a relatively long time after the failover, because the special ARP packets do not refresh it. Until the table is updated, the layer-3 switch keeps forwarding packets to the now failed cluster unit. As a result, traffic stops and the cluster does not function.

As of the release date of this document, Fortinet has not developed a workaround for this problem. One possible solution would be to clear the forwarding table on the layer-3 switch.
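To verify this condition after a failover, an added example that is not from the Fortinet article or from FortiOS: it parses the ARP announcement the new primary sends (assumed here to be a standard gratuitous ARP, i.e. sender and target IP are the same) and compares the announced MAC against a snapshot of the layer-3 switch's IP-to-MAC table, reporting entries that still point at the failed unit. The frame builder, the MAC and IP values, and the "ip mac interface" snapshot format are all constructed for the example.

```python
import struct
from typing import Dict, List, Optional, Tuple

ETH_ARP = 0x0806
ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


def build_garp(mac: bytes, ip: bytes, reply: bool = True) -> bytes:
    """Constructed gratuitous ARP frame: broadcast Ethernet header + ARP with spa == tpa."""
    eth = b"\xff" * 6 + mac + struct.pack("!H", ETH_ARP)
    tha = b"\xff" * 6 if reply else b"\x00" * 6
    return eth + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2 if reply else 1, mac, ip, tha, ip)


def parse_garp(frame: bytes) -> Optional[dict]:
    """Return {'ip', 'mac'} for a gratuitous ARP frame, None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or spa != tpa:
        return None  # not IPv4-over-Ethernet ARP, or not an announcement of its own IP
    return {"ip": ".".join(str(b) for b in spa), "mac": sha.hex(":")}


def parse_arp_table(text: str) -> Dict[str, str]:
    """Parse constructed 'ip mac interface' snapshot lines into ip -> mac (lower-case)."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0].count(".") == 3:
            table[parts[0]] = parts[1].lower()
    return table


def stale_entries(frames: List[bytes], table: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """(ip, mac_in_switch_table, mac_announced) for every IP the switch still maps to an old MAC."""
    stale = []
    for frame in frames:
        garp = parse_garp(frame)
        if garp and garp["ip"] in table and table[garp["ip"]] != garp["mac"]:
            stale.append((garp["ip"], table[garp["ip"]], garp["mac"]))
    return stale


# Constructed sample: the new primary (…:02) announces the cluster IP 192.0.2.1,
# but the layer-3 switch snapshot still maps that IP to the failed unit (…:01).
NEW_PRIMARY_MAC = bytes.fromhex("020000000002")
CLUSTER_IP = bytes([192, 0, 2, 1])
SWITCH_SNAPSHOT = "192.0.2.1  02:00:00:00:00:01  Vlan10\n192.0.2.2  02:00:00:00:00:03  Vlan10\n"

if __name__ == "__main__":
    for ip, old, new in stale_entries([build_garp(NEW_PRIMARY_MAC, CLUSTER_IP)], parse_arp_table(SWITCH_SNAPSHOT)):
        print(f"STALE {ip}: switch has {old}, cluster announced {new} -> clear the switch table")
```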


Related Articles

Articles about HA with third-party products
