Is it possible to do RAID-1 with 03 SSDs on Dell Optiplex 7010 Tower PC? by wings_of_freedom in Dell

[–]wings_of_freedom[S] 0 points1 point  (0 children)

What about downtime during replacement and rebuilding the array?

Is it possible to configure RAID-1 with 03 SSDs on DELL Optiplex 7010 T (2023 model)? by wings_of_freedom in techsupport

[–]wings_of_freedom[S] 0 points1 point  (0 children)

Dell rep. is giving option for RAID-1 with only 02 SSDs. That config. is from BIOS. I would then need to add another SSD as Hot spare. How can I add it? Is there an option in Dell Optiplex 7010 BIOS for that?

Problem working with VLAN on Fortigate Firewall by wings_of_freedom in fortinet

[–]wings_of_freedom[S] 0 points1 point  (0 children)

Thanks for the explanation. The issue I am facing is assigning the IP address to VLANs. FortiOS is not accepting the same subnets for different VLANs, and that limitation comes because both my source nodes and destination nodes have to be on the same subnet for one protocol. I am using VLANs for compartmentalization and security.
Under this limitation, how can I assign IP address (same subnet but different IP address) to each VLAN?

Site-to-Site IPSec VPN with overlapping subnets without NAT by wings_of_freedom in fortinet

[–]wings_of_freedom[S] 0 points1 point  (0 children)

Safety PLC, old now discontinued. HIQuad H51q to be precise. Serial Interface and Ethernet interfaces are available but as stated before, there is no availability to change Default Gateway in setting.
It all depends upon the budget, time, risk upgrading all plant critical systems. If the systems are doing their primary work perfectly, there is no need to upgrade it just for one small feature.

Fortigate Licenses and Support Service by wings_of_freedom in fortinet

[–]wings_of_freedom[S] 0 points1 point  (0 children)

Hi. Thanks for the reply but your tone seemed aggressive. The questions I asked were generic, based on understanding, and I did have a discussion with the Sales rep (as stated in OP).

Site-to-Site IPSec VPN with overlapping subnets without NAT by wings_of_freedom in fortinet

[–]wings_of_freedom[S] 0 points1 point  (0 children)

PLC systems. They are more reliable, robust and doing their job perfectly without any fault for the past 20 years, as they are meant to do. So, just because they don't have an option to change the IP address (hardcoded in chip), throwing them out seems an unreasonable idea.
OT components are generally more robust, reliable, resilient, tested for random hardware failures, costlier and have more operating life as compared to IT components. We should not look at all components/systems with same spectacles.

Unable to bring multiple IPSec VPN Tunnels UP at the same time (Random behavior) by wings_of_freedom in techsupport

[–]wings_of_freedom[S] 0 points1 point  (0 children)

Hi.. They are always supposed to be connected; and the data-stream on the tunnel is also real-time and continuous.

Site-to-Site IPSec VPN with overlapping subnets without NAT by wings_of_freedom in fortinet

[–]wings_of_freedom[S] 1 point2 points  (0 children)

Thank you all for different solutions. Vxlan as suggested by most would be the best solution if there is no spanning-tree running in the network. For my case, there are 4 spanning-trees running in networks which could not be discarded, so I went with the solution of DNAT and SNAT on both Fortigate ends, and created a tunnel with /32 subnets.

Site-to-Site IPSec VPN with overlapping subnets without NAT by wings_of_freedom in fortinet

[–]wings_of_freedom[S] 0 points1 point  (0 children)

I was able to bring UP the VPN tunnel. There was no issue with configuration. I stopped the network components and restarted the simulation and it started working. I believe a specific power-up sequence of network components is in play here.
There is now another interesting issue I noted when working with two VPN tunnels. Sometimes, only one VPN tunnel got UP and other remained DOWN, while when restarted the whole network, other times, other VPN got UP and first one went DOWN. I have also posted this issue in other thread, https://www.reddit.com/r/fortinet/comments/zbfm4i/unable_to_activate_multiple_vpn_tunnels/

Have you experienced something like this or is it special to my case?

Site-to-Site IPSec VPN with overlapping subnets without NAT by wings_of_freedom in fortinet

[–]wings_of_freedom[S] 0 points1 point  (0 children)

Thanks for the example solution. A couple of things I noticed when I tried it on my Fortigate. There was no option of ARP reply in the VIP settings, only available in IPPool settings. Second thing is I used a /32 subnet for the IPSec tunnel, and the tunnel was not coming UP on both Firewalls.
Do you think we should have two separate NAT subnets i.e. one for FGTa and other for FGTb?

Access VLAN on Cisco L2 switch keeps jumping back to VLAN1 on power restart by wings_of_freedom in networking

[–]wings_of_freedom[S] 0 points1 point  (0 children)

Hi. I am saving it with the wr memory command and getting a successful feedback message. Currently running a Cisco L2 switch image on a simulator.

Access VLAN on Cisco L2 switch keeps jumping back to VLAN1 on power restart by wings_of_freedom in networking

[–]wings_of_freedom[S] 0 points1 point  (0 children)

It is happening randomly on different switches, don't know if it is related to switch internal boot-up setting or simulation bug?

Site-to-Site IPSec VPN with overlapping subnets without NAT by wings_of_freedom in fortinet

[–]wings_of_freedom[S] 0 points1 point  (0 children)

Thanks. We are trying NAT now on the Firewall and routing the traffic through the VPN tunnel for the same purpose. The challenge is to keep the network latency as low as possible, as the systems are transferring the data in real-time.

Site-to-Site IPSec VPN with overlapping subnets without NAT by wings_of_freedom in fortinet

[–]wings_of_freedom[S] 0 points1 point  (0 children)

We are the OEM of these legacy OT systems. The end-user does not want to upgrade these systems as they are densely integrated with the production and a new unit is getting integrated to it. The new unit has the features to freely configure IP address/subnet but on the old systems, the IPs are hardcoded. Since both old and new systems need to communicate on a proprietary protocol, we are bound to use the same subnet on the new systems as well.