Friday, July 5, 2019

Help with DMZ failover

All,

Please let me apologise if this is the wrong place for this post - this is my first post on reddit (and I'm under pressure to fix this problem).

I have got a problem with our DMZ failover setup. From the diagram you can see that we are using 2 x FortiGate units (500D), 2 x DMZ unmanaged switches and 4 ESX hosts. Each FortiGate is plugged into one DMZ switch, and from the switch the connection goes to the ESX host, either adapter 1 or 2 (it depends on which FortiGate).

The HA mode on the firewall is set to active - active (I don't know why - I'm trying to fix this mess). On the ESX hosts (VMware) the DMZ 'standard switch' failover order is set to active - standby; however, when I check the options from the 'virtual switch' menu, the failover order is set to active - active.

Problem:

When firewall 2 is master, the DMZ is online. When we fail over onto firewall 1 (so FG1 is the master now), the DMZ is offline. The network icon on the DMZ server goes red - network not available. BUT when I unplug the DMZ cable (which goes from the DMZ1 switch to firewall 1) from the DMZ1 switch and plug it into the DMZ2 switch, the DMZ server goes back online. To me this means that network adapter 1 on the ESX host didn't know that I had failed over the firewall onto firewall 1, so network adapter 1 is still on standby.

I know it's confusing, but I've tried to explain it as best as I can.

Thank you for any help.

Tom

dmz diagram
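One way to check the mismatch the post describes (a port group whose failover order differs from the standard vSwitch it sits on) across all hosts at once is a PowerCLI report. This is an added example, not code from the original post or from Reddit; it assumes VMware PowerCLI is installed, and the vCenter name `vcenter.example.internal` and the output file name are placeholders.

```powershell
# Added example (not from the original post): for every standard vSwitch on
# every host, compare the switch-level NIC teaming policy with each port
# group's policy, so a port group that overrides the failover order
# (active-standby at one level, active-active at the other) is listed.
# Requires VMware PowerCLI; 'vcenter.example.internal' is an assumed name.
Import-Module VMware.VimAutomation.Core
Connect-VIServer -Server 'vcenter.example.internal'

$report = foreach ($vmHost in Get-VMHost) {
    foreach ($vss in Get-VirtualSwitch -VMHost $vmHost -Standard) {
        $swPolicy = Get-NicTeamingPolicy -VirtualSwitch $vss
        foreach ($pg in Get-VirtualPortGroup -VirtualSwitch $vss) {
            $pgPolicy = Get-NicTeamingPolicy -VirtualPortGroup $pg
            # FailoverDetection is worth reading alongside the NIC order:
            # link-state detection only reacts to the host's own uplink going
            # down, so a failover behind an unmanaged switch whose link stays
            # up is invisible to the host and it keeps using the same uplink.
            [pscustomobject]@{
                Host              = $vmHost.Name
                vSwitch           = $vss.Name
                PortGroup         = $pg.Name
                SwitchActive      = ($swPolicy.ActiveNic -join ',')
                SwitchStandby     = ($swPolicy.StandbyNic -join ',')
                PortGroupActive   = ($pgPolicy.ActiveNic -join ',')
                PortGroupStandby  = ($pgPolicy.StandbyNic -join ',')
                OrderInherited    = $pgPolicy.IsFailoverOrderInherited
                FailoverDetection = $swPolicy.NetworkFailoverDetectionPolicy
                NotifySwitches    = $swPolicy.NotifySwitches
            }
        }
    }
}

# Port groups that do not inherit the switch-level failover order are the
# ones where the 'standard switch' and 'virtual switch' views will disagree.
$report | Where-Object { -not $_.OrderInherited } | Format-Table -AutoSize

# Keep the full picture for comparison after the next failover test.
$report | Export-Csv -Path '.\vswitch-failover-report.csv' -NoTypeInformation
```

Run it once before and once after a firewall failover test and diff the two CSV files: the NIC order on the host side will not change on its own, which is exactly the symptom the post describes, and the `FailoverDetection` column tells you which detection method the host is relying on to notice a dead path.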


