Forum Discussion
ac89live
Altocumulus
AltocumulusSetting up LACP between the F5 machine and two firewalls in cluster
We have a Viprion2250 connected via one trunk using 0x8100 Ether type to our standalone firewall (8interfaces in the trunk - that is 8x10G each) So basically we have one viprion to connected to one ...
Hi ac89live ,
From my perspective , it should work as you explained.
If you purchased another Bigip ( Active/Standy ) For example , you will have to connect it with the same manner 8 interfaces with FW1 and 8 interfaces with FW2 , So it seems wo work for me.
My recommendation is , if you have another blade , you should connect it same as the primary blade for better performance and not to exhaust backplane between blades.
Paulius
MVP
MVPac89live Same thing that Mohamed_Ahmed_Kansoh but you might want to see how a standby Fortigate works for interfaces because I know sometimes a standby device is not capable of performing all functions of an active unit. If for some reason LACP doesn't function as expected on the standby unit then at that time it might be best to have a switch between the two sets of devices. Just make sure that you have a way for the HA F5s to know which Fortinet device is active in the pair as well as the Fortinet device knows which F5 device is active in the pair. This last piece is typically the reason you have a switch between the sets of HA devices because it's usually a much more complicated task to make sure the HA devices that are connected to other HA devices to know which is the active unit. Typically you do this by using an SLA monitor that causes a failover event. You might have HA issues on the F5s as well if they are not able to validate the other device is up on a particular segment. For instance F5 External interface can see the other F5 External IP and the same thing for every other interface. You do have ways to ignore pieces of HA configuration but again it just complicates the setup.