Fortinet black logo

Handbook

Redundant interfaces

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:839289
Download PDF

Redundant interfaces

On some FortiGate models, you can combine two or more physical interfaces to provide link redundancy. This feature allows you to connect to two or more switches to ensure connectivity if one physical interface, or the equipment on that interface, fails.

In a redundant interface, traffic travels only over one interface at a time. This differs from an aggregated interface where traffic travels over all interfaces for distribution of increased bandwidth. This difference means that redundant interfaces can have more robust configurations with fewer possible points of failure. This is important in a fully-meshed HA configuration.

An interface can be in a redundant interface if:

  • It's a physical interface, not a VLAN interface
  • It's not already part of an aggregated or redundant interface
  • It's in the same VDOM as the redundant interface
  • It has no defined IP address
  • It's not configured for DHCP or PPPoE
  • It has no DHCP server or relay configured on it
  • It doesn't have any VLAN subinterfaces
  • It isn't referenced in any security policy, VIP, or multicast policy
  • It isn't monitored by HA
  • It isn't one of the FortiGate-5000 series backplane interfaces

When an interface is included in a redundant interface, it isn't listed on the Network > Interfaces page. You can't configure the interface individually and it isn't available for inclusion in security policies, VIPs, or routing.

Redundant interfaces

On some FortiGate models, you can combine two or more physical interfaces to provide link redundancy. This feature allows you to connect to two or more switches to ensure connectivity if one physical interface, or the equipment on that interface, fails.

In a redundant interface, traffic travels only over one interface at a time. This differs from an aggregated interface where traffic travels over all interfaces for distribution of increased bandwidth. This difference means that redundant interfaces can have more robust configurations with fewer possible points of failure. This is important in a fully-meshed HA configuration.

An interface can be in a redundant interface if:

  • It's a physical interface, not a VLAN interface
  • It's not already part of an aggregated or redundant interface
  • It's in the same VDOM as the redundant interface
  • It has no defined IP address
  • It's not configured for DHCP or PPPoE
  • It has no DHCP server or relay configured on it
  • It doesn't have any VLAN subinterfaces
  • It isn't referenced in any security policy, VIP, or multicast policy
  • It isn't monitored by HA
  • It isn't one of the FortiGate-5000 series backplane interfaces

When an interface is included in a redundant interface, it isn't listed on the Network > Interfaces page. You can't configure the interface individually and it isn't available for inclusion in security policies, VIPs, or routing.