11-05-2025 06:44 AM - edited 11-05-2025 06:46 AM
After some advice. The guides aren't very clear when configuring FortiGate FGSP over FGCP and multipod.
In ACI, when you create an L4-L7 device, do you create 2 devices - 1 for each pod? Or do you create a single device, list all interfaces and create a single cluster interface? I'm thinking it's the latter.
On the FortiGate side, I have created the Peer and Session Sync interfaces. They are all in the same BD in ACI; no unicast routing is needed because it stays within the BD. What bandwidth is usually needed on the session sync? Are 10Gb SFPs overkill?
11-05-2025 07:46 AM
Found the answer - in the context of Cisco ACI with a multi-pod deployment and a service insertion for a Fortinet firewall cluster (using FGCP / FGSP), you typically configure one logical L4-L7 device in the ACI fabric (under Services > L4-L7 > Devices) that maps to the firewall cluster, rather than creating separate device objects per pod. For that device you list all of the “concrete interfaces” (the physical/trunk ports, sub-interfaces or VLANs) that the cluster uses.
11-07-2025 03:12 AM
If I may add something, you are actually creating a concrete device for each firewall node you have, and for each concrete device you're specifying the interfaces.