Wired Intelligent Edge

Hello Dears!

I've a question. Soon I will get an Aruba 2530 switch and two Fortinet firewalls. The firewall will have DHCP for all networks. In Aruba, static route to the firewalls will be registered.

For example:

0.0.0.0 0.0.0.0 10.60.0.11 (main firewall)

so i need make reserve route to reserve firewall

0.0.0.0 0.0.0.0 10.60.0.12 (reserve firewall)

Reserve route must be in standby mode and track main route. If I lose main route, reserve static route must be automatically on.

I know that it aruba present command "ip-profile" and here I can make reserve route with metric. But, on the 2530 Aruba doesn't present this command.

How can I do it?

Hi, supposing that each Firewall in your scenario really acts as a standalone device (so no clustering feature - AKA HA Active/Active or Active/Backup - is really deployed <- and it shouldn't since you listed two different IP addresses for them and not a common virtual IP address for both if clustered), the only thing you could do is trying with static routing metrics...but there are caveats (as discussed here)...and, more importantly, to do that you a Layer 3 Switch (to deploy routing features) is required, that's essential...the Aruba 2530 is simply not a Layer 3 Switch, it provides just Layer 2 features.

I suspect it is due to the 2530 being a Layer 2 only switch.

Failing that, can you configure VRRP or similar on the Fortinet FW?

Yep, VRRP on the Fortigate Firewalls would be a way to overcome that limitation if no HA will be available at Firewall level.

Thank For Your answer. Fortigate will be on HA cluster , It's mean that will only one IP address for a both Fortigate. It's like a VSS cisco.

On aruba will be only one route 0.0.0.0/0 10.50.0.11

Initial scenario rearranged --> issue self-solved. Great.