network hardware
beltskyy, 2021-09-30 11:16:24

Replacing a router in production: a painless transition from Kerio to FortiGate. How to implement it correctly with minimal downtime?

Friends! Do not kick a novice networker)))) We are moving away from the Kerio Control virtual machine (with a huge bunch of settings) to a FortiGate 100F hardware appliance. How do we do this competently and unnoticeably for the production environment, or at least with minimal downtime, i.e. gradually switching users and services? Naturally, everything will be reconfigured manually. The question is how to get 2 routers working at the same time with one ISP connection. The address from the provider is obtained via DHCP, bound to the MAC address. There is an Aruba 1930 switch and a simple TP-Link switch. The first thing I thought of was to plug the cable from the provider into the switch and 2 cables into both routers, assigning the same MAC to both, but then how will the traffic know which router to go to and from, and how and why)) The second thing I thought of was to use LACP on the Aruba 1930 for this purpose,


2 answer(s)
Andrey Barbolin, 2021-09-30
@dronmaxman

into the switch and 2 cables into both routers,

It will not work with one MAC. You can try asking the provider for another IP and binding it to the FortiGate. Then this scheme with a switch will work.

for this purpose LACP on Aruba 1930

It won't help either.
If you have a peer-to-peer network, then connect the FortiGate inside the network with two interfaces, making one the WAN and the second the LAN. The result is that the FortiGate passes clients through itself and then sends the traffic on to Kerio. This gives a double NAT, but that is temporary. Then you move the clients over by hand (change the GW). When you have moved everyone over, throw out Kerio, connect the Internet cable to the FortiGate and reconfigure the MAC and IP.
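
Andrey Barbolin's staged approach, sketched as FortiOS CLI in an added example that is not code from the thread. The interface names `wan1` and `lan`, every address, the separate client subnet and the MAC are assumptions or placeholders.

```fortios
# Stage 1 (temporary): the FortiGate sits behind Kerio; clients moved to it are double-NATed.
# Constructed values: Kerio LAN IP 192.168.1.1, new client subnet 10.10.10.0/24.
config system interface
    edit "wan1"
        set mode static
        set ip 192.168.1.2 255.255.255.0
        set allowaccess ping
    next
    edit "lan"
        set ip 10.10.10.1 255.255.255.0
        set allowaccess ping https ssh
    next
end
config router static
    edit 1
        set gateway 192.168.1.1
        set device "wan1"
    next
end
config firewall policy
    edit 1
        set name "temp-via-kerio"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end

# Stage 2 (cutover): Kerio is unplugged and the ISP cable is in wan1.
# Drop the temporary route and take the address by DHCP, presenting the MAC
# the provider has bound (placeholder value below).
config router static
    delete 1
end
config system interface
    edit "wan1"
        set macaddr 00:00:5e:00:53:01
        set mode dhcp
    next
end
```

During stage 1 Kerio sees every migrated client as the single address 192.168.1.2, so its per-host rules and logs no longer distinguish them. Filtering and logging for those clients has to be in place on the FortiGate before they are moved, and the broad `all`/`ALL` policy should be replaced by the rules ported from Kerio.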

AntHTML, 2021-09-30
@anthtml

Provider into the FortiGate WAN, Kerio WAN into the FortiGate DMZ, or vice versa; the main thing is that the second router has direct, minimal access to the WAN.
We slowly transfer the rules from one to the other and watch how it works.
LACP on the Aruba won't help, that is aggregation. I don't see whether Aruba supports BGP / OSPF; if so, you could play around with failover.
