Forum Discussion
ac89live
Altocumulus
AltocumulusSetting up LACP between the F5 machine and two firewalls in cluster
We have a Viprion2250 connected via one trunk using 0x8100 Ether type to our standalone firewall (8interfaces in the trunk - that is 8x10G each) So basically we have one viprion to connected to one ...
ac89liveAltocumulus
AltocumulusThank you guys.
We're not looking to purchase new another for clustering the F5. Only another firewall for clustering the firewall. So evetually we'll have one F5 and two fortigates in cluster.
As I understood from fortinet KBs, a fortigate in cluster should share a VMAC in case of failover
So basically the F5 will continue to send the traffic to same primary member if the F5 can handle the gratuitous ARP from the Fortigate cluster firewalls.
I only was hoping if someone have same design and can confirm this to us. 🙂
Hi ac89live ,
Bigip is same as Fortigate firewall if you configure the MAC address masquraded feature on bigip traffic group ,
From my perspective bigip will NOT send traffic to the Failed FW node , as the second FW unit will advertise gARP as you said and this gARP will make Bigip to detect the failover that happen between Firewalls units.
> Because of both of FWs shares same vMAC address the gARP will NOT update the ARP cache table ( IP & MAC ) but gARP updates CAM table ( MAC and Ports ) so from my perspective , Bigip will detect the failover quickly and forward traffic in the correct path to the ACTIVE FW unit.
For That I will Need one of F5 Experts can validate my answer or they can adjust it for us to get the most correct answer.
