Created on 11-18-2004 12:00 AM Edited on 06-03-2022 10:26 AM
Description | This article describes issues with operating FortiGate clusters with third-party layer-3 switches. |
Products | FortiGate Antivirus Firewalls with FortiOS v2.80, operating in High Availability mode. |
Details |
After a failover, the new primary unit sends special ARP packets to refresh the MAC forwarding tables of the switches connected to the cluster. If the cluster is connected using layer-2 switches, the special ARP packets refresh the MAC forwarding tables and the switches start directing packets to the new primary unit.

In some configurations that use layer-3 switches, the layer-3 switches may not successfully redirect traffic to the new primary cluster unit after a failover. The possible reason for this is that the layer-3 switch might keep a table of IP addresses and interfaces and may not update this table for a relatively long time after the failover (the special ARP packets do not update this table). Until the table is updated, the layer-3 switch keeps forwarding packets to the now-failed cluster unit. As a result, traffic stops and the cluster does not function.

As of the release date of this document, Fortinet has not developed a workaround for this problem. One possible solution would be to clear the forwarding table on the layer-3 switch. |