Cisco fortigate lacp. 2 | Fortinet Document Library .
-
Cisco fortigate lacp. LACP facilitates the .
Cisco fortigate lacp Interfaces still appear in the CLI although configuration This setup has 2 x Fortigate 100Ds (FG1, FG2) and 2 x Cisco 2960X switches (SW1, SW2) will be added as expansion because Fortigates ran out of free switch ports. 0 255. In some heavy network traffic days ( three times in six months ) Both of two LACP links to Cisco NX gets blocked. I am trying to setup a LACP connection from 2 clustered Fortigate 201F FW to two stacked Cisco 9300x24Y switches via (4) 10 Gb SFP+ direct attach data storage cables as seen below. We are wanting to migrate to a single 10G link via a different switch with as little disruption as possible. If you do the setup as your design, oh here is the LACP diags on the Cisco, not sure how to do the same for Fortigate SW1#sh lacp neighbor Flags: S - Device is requesting Slow LACPDUs F - Device is requesting Fast LACPDUs A - Device is in Active mode P - Device is in Passive mode. feature lacp. Set to Passive LACP to passively use LACP to negotiate 802. EDGE1 EDGE2 \ / \ / \ / Fortigate . . Learn how to configure Link Aggregation Control Protocol (LACP) on FortiGate and Cisco switches in this video tutorial. created policy as per the sub interface, in the policy you can I have a issue configuring LACP between cisco 3850 and fortigate 100D. Connec For the mode, select Static, LACP Active, LACP Passive, or Fortinet Trunk. I'm fairly new to FortiGate and I'm in the process of configuring an 80F to replace a Cisco RV320 router. Scope FortiGate in HA. If you are creating an aggregate between two FortiGate units, you can turn LACP off (lacp-mode static). Trying to get a trunk built between a Cisco Catalyst switch and a Forigate 100F using two 10G links in an LCAP link-aggregation configuration. The 2 lines in a LACP trunk terminate on 2 different chassis in the stack. From the admin desk In this video I show you how I configure LACP on a FortiGate 60E. I currently have etherchannel configured to 2x 10g ports. 1 (vlan10), x. It didn't load share! By Roel van Wanrooy 13/09/2019 #fortinet, #fortigate, #fortiswitch, #lacp, #port-channel, #cisco configure a LACP Port-Channel between FortiSwitch and Cisco Switch I recently had to configure a LACP port-channel between two FortiSwitches and a stack of two Cisco switches. In active I'm trying to LACP trunk a pair of Nexus3000 C3064PQ Chassis running 7. Apart from the trunk speed If you configure LACP on FortiGate you have to consider a point. Mô hình: Yêu cầu: - Cấu hình LACP giữa FGT và switch Cisco - Tạo interface vlan 100 với IP như quy hoạch để làm gateway cho các PC phía dưới (thuộc vlan 100) Trên switch cisco khai LACP: On FortiGate 5. Set to Active LACP to actively use LACP to negotiate 802. Kiểm tra cấu hình. The method Cisco uses is similar to the Fortinet method of reporting this feature. We're looking at possible spanning-tree issues, but also best practice guides on the Cisco side for VPC's. if=to-Cisco family=00 type=1 index=19 mtu=1500 link=0 master=0 ref=21 state=start present no_carrier fw_flags=8800 flags=up broadcast master multicast Both the physical interfaces and the aggregate interface are showing as up on the Fortigate but the Cisco side is showing the etherchannel and physical ports as not connected. I have Fortigate 200E and 100D pairs running 5. 6, I've currently got 2 1G ports linked in a LACP aggregate team to a Cisco switch. When we force the mode ON on both sides of the port-channel it works and we have connectivity but as soon as we change the mode to LACP (channel-group 1 mode active) it doe Hi Everyone, We have two nexus 9K switches need to connect to FORTIGATE Firewall (HA-Active and standby). 3ad) Labels: FortiGate; 50096 1 Kudo Suggest New You can have all Fortigate ports going to the same switch LAG, but you need set lacp-ha-slave disable on the standby unit so it doesn't actively try to form LACP while the active unit is also doing LACP. 6(1)SN and Later Releases -Configuring Link Aggregation Control Protocol (LACP) LACP is defined in IEEE 802. Then when FG1 goes down the SW1 can failover the 2Gig to FG2. As a matter of fact, when you connect Nexus 2ks to 5ks or 7ks active/active should be configured. LACP fortigate - Cisco switch I have configured LACP link (2 port) on Cisco 3560 and FG310B, everything seem be fine, but when I put traffic on this LACP link, traffic just rided on one physical link, when I shutdown one port of LACP, traffic switch to another. 4. Tiếp theo ta tiến hành bước kiểm tra. The LACP link comes up but This instruction describes the configuration of a LACP Port-Channel between FortiSwitch and Cisco managed by a FortiGate As you are creating layer 3 LACP on Fortigate which is untagged, you should configure "switchport mode access" at Cisco side. And yes, I admit the 80E is no burner with a max of 4 Gbps, but I've seen a lot of VLANs not utilizing nearly as much bandwidth as physically provided. My configuration works correctly singularly however, when i try and aggregate the ports, i get the following LACP Gi0/1(P) EDGE1# Number of channel-groups in use: 1 Number of aggregators: 1 FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic. I connect it to a Cisco switch and test. conf t. 20. NOTE: Clear lacp counters to get accurate statistics I am setting up a 2 ethernet trunk between a Cisco switch and Fortinet 100E firewall. LACP port Admin Oper Port Port Port Flags Priority Dev ID Age key Key Fortigate and Cisco switch LACP not working Hi! I am testing topology where fortigate connected to switch. I also show how to configure LACP on a UniFi switch. Don't put the ports of both FortiGate units in one LACP group on the switch. It's a For the mode, select Static, LACP Active, LACP Passive, or Fortinet Trunk. Topology is as below: (VLAN A, B) FG1 <== HA1 Port (Trunks VLANs A, B) ==> FG2 (VLAN A, B) Hosts on FG1's switch ports are able to access to hosts on FG2's switch ports. Fortigate Confi: edit "aggregate" set vdom "root" set allowaccess https ssh set type aggregate set member "port1" "port2" set alias "LAG1-2" set snmp-index 12set lacp-speed slow next Cisco side: So your sw1's port-channel(if Cisco) works always 1Gig, not 2Gig. If your FortiGate unit is connecting to a non-FortiGate device, you will need LACP enabled to negotiate the link connections. We have two firewall and we have 4 leaves (2 per site) in the topology. 2. We have almost 30 plus VLANs configured in new switches. If you have multiple VLANs span on FortiGate, you should modify the FortiGate's interface In this video I show you how I configure LACP on a FortiGate 60E. diag netlink interface list to-Cisco. interface Port-channel 30 switchport access vlan x switchport mode access interface GigabitEthernet1/0/12 switchport trunk allowed vlan x switchport mode access channel-group 30 mode active 1 name fortilink status down algorithm L4 lacp-mode active 2 name to-Cisco status down algorithm L4 lacp-mode active. I am thinking that LACP flapping occurs. I have a port channel (4 interfaces) betwenn a Cisco and a Fortinet D500 (firewall) and the issues is this: when i have the four interfaces connected working fine with the port channel up and i unplug one of the interfaces to test the resiliency and connecti this Hi, As you are creating layer 3 LACP on Fortigate which is untagged, you should configure "switchport mode access" at Cisco side. How to Setup Link #Aggregation LACP on #FortiGate #Firewall v7. LACP port Admin Oper Port Port Port Flags Priority Dev ID Age key Key LACP fortigate - Cisco switch I have configured LACP link (2 port) on Cisco 3560 and FG310B, everything seem be fine, but when I put traffic on this LACP link, traffic just rided on one physical link, when I shutdown one port of LACP, traffic switch to another. On the other side, they are connected with LACP on 1 Catalyst C4500. I am having issues with an LACP port channel coming up on the Fortigate VM and Cisco switch in GNS3. In contrast I´ve applied this topology using only one Fortigate and the redundancy is obtained (check the second topology). 2 and get replies from the Fortinet 192. Cat_6509#sh run int ten8/1 Building configuration Current configuration : 156 bytes ! interface TenGigabitEthernet8/1 switchport switchport mode trunk channel-group 42 mode desirable end Cat_6509#sh run int ten9/1 Building configuration If you configure LACP on FortiGate you have to consider a point. Set to Static for static aggregation. HA with 802. It didn't load share! Hello, I would like to know if some of you have a recommendation for a configuration between a Cisco switch port-channel and a Fortigate Agg FortiOS5 On my Cisco configuration I' ve used this for the physical interfaces channel-group 1 mode active switchport nonegotiate On the Fortigate I have edit " Agg1" set vdom " root" set type aggregate set Hi guys, i have an extrange issue with some port channels on my cisco 9300 series (stack with 4 members). Our setup looks as following: I know this setup is a little bit uncommon because normally you would connect the fortigates to both switches but because of li I would like to set up my network with LACP protocol between fortigate and cisco switch. The Cisco Nexus 3000 switch requires four LACP groups, one for each of the FortiController LACP groups. if=to-Cisco family=00 type=1 index=19 mtu=1500 link=0 master=0 ref=21 state=start present no_carrier fw_flags=8800 flags=up broadcast master multicast Như vậy là chúng ta đã cấu hình xong LACP trên cả firewall Fortigate và switch Cisco. 3ad standard and enables Cisco switches to manage Ethernet channels between switches that conform to the standard. I am new to Cisco nexus switch and as of now i have simple question for connection with layer 2 uplink (firewall): our Scenario is we have two c9000 series and we have two fortigate. edit "LAN" set vdom "root" set allowaccess ping set type aggregate set member "port2" "port3" set role lan set snmp-index 12 set lacp-mode static Cisco Switch interface Ethernet0/2 switchport trunk encapsulation En este lab realizamos una configuración de LACP (Link Aggregation), entre un FortiGate físico y un Switch Cisco. I noticed that etherchannel haves different aggregator ID on Fortigate and act as secondary aggregator also on Cisco (6509E). Here, you've told the Cisco LACP/Switchport trunk to transmit VLAN#10 as untagged on that LACP Trunk. interface eth 1/48(for keep alive) fortigate uses channel group between all the ports (single channel group oh here is the LACP diags on the Cisco, not sure how to do the same for Fortigate SW1#sh lacp neighbor Flags: S - Device is requesting Slow LACPDUs F - Device is requesting Fast LACPDUs A - Device is in Active mode P - Device is in Passive mode. 1): I would recommend against changing the native VLAN as doing otherwise can hit a number of Cisco LACP bugs that result in LACP PDUs being tagged LACP fortigate - Cisco switch I have configured LACP link (2 port) on Cisco 3560 and FG310B, everything seem be fine, but when I put traffic on this LACP link, traffic just rided on one physical link, when I shutdown one port of LACP, traffic switch to another. The FortiGate Connector for Cisco ACI is a device package that contains XML metadata describing Fortinet’s security services and can be easily uploaded to the Cisco APIC controller. LACP facilitates the Note: By default, when an LACP channel is configured, the LACP channel mode is passive. I configured both side active -active LACP after that its working perfect . 3ad aggregate interfaces 'Link aggregation, HA failover performance, and HA mode'. The LACP link comes up but the VLAN communication does not work. Para pasar tráfico de multiples VLANs, y pr 1st nice layout diagram , a picture says a thousand words What I would do and have done this in the setup you provided, enable ospf on all layer3 interfaces of the 3750 config t router ospf 10 network 0. 5 with Cisco Switch Reference: Deploying MCLAG topologies | FortiSwitch 7. 6. if=to-Cisco family=00 type=1 index=19 mtu=1500 link=0 master=0 ref=21 state=start present no_carrier fw_flags=8800 flags=up broadcast master multicast oh here is the LACP diags on the Cisco, not sure how to do the same for Fortigate SW1#sh lacp neighbor Flags: S - Device is requesting Slow LACPDUs F - Device is requesting Fast LACPDUs A - Device is in Active mode P - Device is in Passive mode. Cisco ME 1200 Series Carrier Ethernet Access Devices NID Configuration Guide, Cisco IOS 15. This works so far except for LACP. Note: For version 7. 1. Do you have the available interfaces on the FortiGate to configure as second LACP Group? 1 to Cisco, 1 to Aruba? Even if you had to pull away some of your redundant interfaces to create a second LACP Group for the duration of the migration. 1 255. If you do the setup as your design, FortiGate will detect different switches on the ports, and one of the ports will work and the other will not. Each device is connected with LACP on 2 Nexus in VPC (3524-10GX). whenever the FortiGate makes a failover, e. Hello everyone! I have seen some forums about that, but im not clear about de topology when i have 2 FW in active/standby. When it comes to LACP, each unit must have its own LACP bundle on the switch. This joint solution streamlines traffic to supported FortiGate appliances and assigns security policies on command for data center workloads. 1 onwards, lacp-ha-slave has been replaced with lacp-ha-secondary. Add the required ports to the Included list. Using the CLI: config switch trunk. 0 set allowaccess ping set type aggregate set member "port2" "port3" set device-identification enable Hello, I would like to know if some of you have a recommendation for a configuration between a Cisco switch port-channel and a Fortigate Agg FortiOS5 On my Cisco configuration I' ve used this for the physical interfaces channel-group 1 mode active switchport nonegotiate On the Fortigate I have edit " Agg1" set vdom " root" set type aggregate set Hello, I would like to know if some of you have a recommendation for a configuration between a Cisco switch port-channel and a Fortigate Agg FortiOS5 On my Cisco configuration I' ve used this for the physical interfaces channel-group 1 mode active switchport nonegotiate On the Fortigate I have edit " Agg1" set vdom " root" set type aggregate set 1 name fortilink status down algorithm L4 lacp-mode active 2 name to-Cisco status down algorithm L4 lacp-mode active. at that time connectity lost between fortigate firewall and cisco switches Hello teams, we have a cluster of Fortigate. Initial troubleshooting steps for LACP (Link Aggregation - 802. 2 HA active/passive configured as follows in over 10 physical locations: Fortinet WAN1 and WAN2 ports in 802. But when custoemer reboot firewall device one of cisco port went to supspend state after reset this port will be in Present mode. My config as below: Fortigate: command: show system interface result (For my LACP interface): edit "GNET" set vdom "root" set ip 20. So i need to connect a FW in each site. 2. Both nodes set as passive will not work and having static it's 以下のようなネットワーク構成を考えます。FortiGate の internal1 と internal2 は内部側のスイッチ(Cisco Catalyst)と物理接続されています。FortiGate とスイッチの間でこの2リンクを使用してリンクアグリゲーション the behavior of LACP in an HA cluster. 1 (default), x. if=to-Cisco family=00 type=1 index=19 mtu=1500 link=0 master=0 ref=21 state=start present no_carrier fw_flags=8800 flags=up broadcast master multicast LACP support on entry-level E-series devices 6. Both nodes set as passive will not work and having static it's Hi, I am trying to setup a LAG between a Fortigate 1200D cluster and a two Cisco Nexus switches. feature inter-vlan . Here is an example of one Port: Here, you've told the Cisco LACP/Switchport trunk to transmit VLAN#10 as untagged on that LACP Trunk. during a firmware update, the LACP port to the Cisco switch goes offline for 1 min or longer. 1. 0. When an interface is included in an aggregate interface, it is not listed on the Network > Interfaces page. For some reason, the Cisco switches are showing the WAN2 ports on 4 of the pairs as not sending LACP traffic. Difference Between CatOS and Cisco IOS System Software. 255 area 0 passive default no passive " interface connected to FGT 802. 3ad) - you should not have any issues building those 1:1 links. If the optional IPSec VPN between a FortiGate and a Cisco ASA with multiple subnets Remote access FortiGate as dialup client It is not one of the FortiGate-5000 series backplane interfaces. FortiGate Site: FGT1 (LACP-CORE) # show config system interface edit "LACP-CORE" set vdom "root" set type aggregate set I'm trying to create a LAG between a virtual fortigate appliance and two 3650 cisco switches. It's slower to failover though as the standby then needs to start up its LACP negotiation, the recommended design is a LAG per FG The cluster includes two FortiGate-5000 chassis. 168. Both the physical interfaces and the aggregate interface are showing as up on the Fortigate but the Cisco side is showing the etherchannel and physical ports as not connected. Can you please help in this case. The RV320 has 4 sub-interfaces tagged with their respective VLANs: - x. R 1 name fortilink status down algorithm L4 lacp-mode active 2 name to-Cisco status down algorithm L4 lacp-mode active. 255. The FortiSwitch unit supports LACP in active and passive modes. But I do not get the aggregation online. edit <trunk name> set aggregator-mode {bandwidth | count} set description <description_string> set members <ports> Link aggregation uses the standard LACP protocol which (even) Cisco supports. LACP configuration on FortiGate Side: set member "x2" "x1" --> Here it is selected X1, X2 port to be part of LAG. 0(3)I7(9) with a Fortigate 300D running it's ports in an 802. Kết quả trả về Po1 hiển thị SU là đã kết nối link LACP thành công. 1 name fortilink status down algorithm L4 lacp-mode active 2 name to-Cisco status down algorithm L4 lacp-mode active. It might re-establish a new LACP neighboring with FG2 when FG1 goes down in your set up. The aggregate link is comprised of the primary's de 1 name fortilink status down algorithm L4 lacp-mode active 2 name to-Cisco status down algorithm L4 lacp-mode active. LACP port Admin Oper Port Port Port Flags Priority Dev ID Age key Key are you trying to connecting lacp between the 2 6500s in the vss setup or are you connecting to another switch ? If its between the 2 6500s in vss the port-channel needs to have switch virtual link set under it For the mode, select Static, Passive LACP, or Active LACP. there is no clear information available on how to do this. HA doesn't fail-over L2 protocols like LACP. 1 Process Ethernet frames with Cisco Security Group Tag and VLAN tag Support port block allocation for NAT64 Support refreshing active sessions for specific protocols and port ranges per VDOM in a specified direction 7. if=to-Cisco family=00 type=1 index=19 mtu=1500 link=0 master=0 ref=21 state=start present no_carrier fw_flags=8800 flags=up broadcast master multicast Hello, we have LACP with two port on each of two nodes of A-A cluster configured. It didn't load share! There is no issue with running LACP as active/active. Configuring FortiGate LAN extension the GUI 7. Fortinet-201F-Primary (CORE-UPLINK) # show Hi! I am testing topology where fortigate connected to switch. then assigned these port to subinterface. Select Create. Our setup looks as following: On the switch we see that the fortigate doesn't send any LACP packets: switch1# show lacp counters. The LACP interface configured directly with an IP address (no vlans) and is linked to a number of address and policy elements. On the Nexus, we have ESX servers, 3 on side A, 2 on side B, connected on etherchannel with vpc. Since the FortiGate is in HA the same config will get synced with Here is the full configuration road map at FortiGate FW and cisco switch. On the Nexus 7000 switches this is enabled by default and so an I port will become suspended. x. It didn't load share! How to Setup Link #Aggregation LACP on #FortiGate #Firewall v7. 1Q tag SVI or gi x/x/x " end Keep your static route on the cisco pointing Hello all, We have a customer who is trying to create a 2 gig ports Port-Channel with our router and the LACP is not working. 3ad aggregation. Here is the configuration on the Fortigate: oh here is the LACP diags on the Cisco, not sure how to do the same for Fortigate SW1#sh lacp neighbor Flags: S - Device is requesting Slow LACPDUs F - Device is requesting Fast LACPDUs A - Device is in Active mode P - Device is in Passive mode. The VPC on the Cisco side fails, saying "vpc port channel mis-config due to vpc links in the 2 switches connected to different partners". If you configure LACP on FortiGate you have to consider a point. interface Port-channel 30 switchport access vlan x switchport mode access interface GigabitEthernet1/0/12 switchport trunk allowed vlan x switchport mode access cha You can not configure LACP on Cisco with 2 different Fortigate devices. In this mode, no control messages are sent, and received control messages are ignored. Cisco Switch . On the Nexus switches there is a command lacp suspend-individual (see lacp suspend-individual) within the port-channel interface context that controls what should happen to an "I" port. FGT100D-HA1 (root) # diag n Learn how to configure Link Aggregation Control Protocol (LACP) on FortiGate and Cisco switches in this video tutorial. I have setup the routing policy, Firewall, and aggregate links on the Fortigate. g. 1 The LACP fallback mode is useful if you have a preboot execution I am trying to setup a LAG between a Fortigate 1200D cluster and a two Cisco Nexus switches. These are 10G fiber connections. edit <trunk name> set aggregator-mode {bandwidth | count} set description <description_string> set members <ports> set mode {lacp-active | lacp-passive | static} Trying to get a trunk built between a Cisco Catalyst switch and a Forigate 100F using two 10G links in an LCAP link-aggregation configuration. On switch 2 both ports come up fine (P/P) but on switch 1 I get (P/s) Hi, As you are creating layer 3 LACP on Fortigate which is untagged, you should configure "switchport mode access" at Cisco side. You have to have two GigE connections go in both FG1 and FT2 to do regular LACP. interface Ethernet0/2 switchport trunk encapsulation The LACP conformed from the perspective of IOS cisco is correct: LACP conformed and each link member is grouped without any problem. If I want connect new nexus switches to fortigates, do i need to use access port or trunk port. Kiểm tra trên switch Cisco, ta sử dụng câu lệnh show etherchannel summary. Created aggrate interface port3 & port 4. 4. 3ad aggregate connected to Cisco 3850 switches. It's a pretty basic LACP config on the Cisco side that I have done with other Cisco switches and Palo Alto firewalls and never had an issue with before. FortiGate Aggregate Config. CatOS on the Supervisor Engine and Cisco IOS Software on the MSFC (Hybrid): a CatOS image can be used as the system software to run the Supervisor Engine on Catalyst 6500/6000 switches. This is because interfaces on passive device are not active and fortigate uses a virtual mac address that is managed by active member. 1 (vlan 30) The Cisco core switch has virtual interfaces for each VLAN: Cấu hình LACP giữa Fortigate và Switch Cisco. Simple misunderstanding that caught me up too: So on the Fortinet side, you need to specify a the matching native/untagged ("Native") VLAN for the LACP LAG/Channel for your Layer3 interface. Solution The scenario is described as follows: An aggregate link (LACP) is configured on both devices acting one as Primary and the other one as Secondary (Active - Passive mode). if=to-Cisco family=00 type=1 index=19 mtu=1500 link=0 master=0 ref=21 state=start present no_carrier fw_flags=8800 flags=up broadcast master multicast It's not mandatory to match but it should work with both nodes being active (maybe Cisco doesn't like the Fortinet LACP PDU), anyway having one side configured as active does the job fully since it still puts the problematic port immediately down and not cause any packet drops. This way, one switch could fail without forcing the FGT to fail over, just reducing bandwidth. 10. To create a link aggregation interface in the GUI: Go to It's not mandatory to match but it should work with both nodes being active (maybe Cisco doesn't like the Fortinet LACP PDU), anyway having one side configured as active does the job fully since it still puts the problematic port immediately down and not cause any packet drops. 30. The other way After that both side configure LACP Ether channel. There are 2 sites, but connected directly by a pair of fibers. I also show how to configure LACP on a UniFi switc We have a Cisco 6807-XL that has four 1gb fiber connections to a Fortigate firewall that is not coming up. 3ad aggregate. edit "LAN" set vdom "root" set allowaccess ping set type aggregate set member "port2" "port3" set role lan set snmp-index 12 set lacp-mode static . You should add them to two different groups. The stack acts just like one single switch, even for LACP trunks. It is also enough to unplug one cable from the LACP for there to be a failure. Link Aggregation Control Protocol (LACP) is now supported on FortiGate and FortiWiFi 90E, 80E, 60E, 50E, and 30E devices. After checking this new issue, looks like nothing on the Cisco 3750 switch can talk to the FortiGate firewall 1 name fortilink status down algorithm L4 lacp-mode active 2 name to-Cisco status down algorithm L4 lacp-mode active. So each chassis has two LACP groups. Solved: Hi I have a Cisco Nexus 7000 dual homed to a pair of Hello, We have a Fortigate 1100 connected to a Cisco NX-3548 with 2 LACP links for WAN internet access . 5 with Cisco Switchmore For LAG control, the FortiSwitch unit supports the industry-standard Link Aggregation Control Protocol (LACP). We have a smaller swtiches from cisco (SG500) and we were able to configure LACP in no time. To support We've connected my customer's 1500D cluster cross-wise to a HPE switch stack, using 2x 2port LACP trunks. I am working with support and Cisco support, but I wanted to ask if others have gotten this working. The FortiGate should just analyze the traffic and should be transparent for the Cisco's. Channel group 1 neighbors. 2 | Fortinet Document Library . by HaiNguyen -IT | 06/01/2023 | Lượt xem: 6986. LACP port Admin Oper Port Port Port Flags Priority Dev ID Age key Key has anyone build a setup where you can transport LACP transparent over a FortiGate? Our Setup is that the FortiGate will be installed between two Cisco devices which have configured LACP. Config onFortigate. In active/passive active side negotiate and the passive side minimizes transmission of LACP packets (less noise). I swear I've used this same configuration in the past and it worked, but it isn't working now. 1 (vlan 20), x. Each node in FG Cluster configured with their own ether channel. So far the below is working (i can ping from Cisco 192. LACP is a standard protocol (802. bqqo ldhtfq bbdw mowc pjzm lhfk ndx llfkxu gyzamrk dtgjq sjpg wrjhfxm yju jeojta znqmljf