Solved: Issue with two HA routers connected together (Active/Passive)

scsc_tech · ‎04-25-2019

We have an HA pair of Firepower 2110 routers at the edge of our SDA fabric. One interface on each router is connected to another HA pair of Fortinet routers that segregate and vendor managed system. They are linked 1-to-1 meaning Firepower 1 is linked to Fortinet 1 and Firepower 2 is linked to Fortinet 2.

We are running into an issue where the Fortinets suddenly decided to switch the active device. In doing so, we lose connectivity because our active Firepower router is not connected to the currently active Fortinet router. Example being Firepower 1 is active and Fortinet 2 is active.

What is the best way to solve this issue? Inserting a switch between the router sets? Or can it only be accomplished by making one set of routers active/active?

Dennis Mink · ‎04-25-2019

FTD fail over based on the interface they monitor or if the heart beat between them drops.

so check the monitored interface on the firepower and see if the interface that connects them to the Fortinet is one of them.

ideally you would change your set up and stretch vlans between both the firepowers and fortinet, so they are not directly connected.

Please remember to rate useful posts, by clicking on the stars below.

View solution in original post

Dennis Mink · ‎04-25-2019

FTD fail over based on the interface they monitor or if the heart beat between them drops.

so check the monitored interface on the firepower and see if the interface that connects them to the Fortinet is one of them.

ideally you would change your set up and stretch vlans between both the firepowers and fortinet, so they are not directly connected.

Please remember to rate useful posts, by clicking on the stars below.