Transparent Mode Packet Flow - Fortinet FortiGate FortiGate-800 Installation And Configuration Manual

High availability

Transparent mode packet flow

FortiGate-800 Installation and Configuration Guide
The following are examples of switches that are compatible with the FGCP because
they use a Global MAC address table:
• HP 4100 GL series,
• HP2628,
• HP5300,
• Cisco Catalyst,
• Cisco 2850,
• Cisco 3550,
• Nortel PP8600,
• Nortel XLR.
In transparent mode, six MAC addresses are involved in active-active communication
between a client and a server if the cluster routes the packets to the subordinate unit
in the cluster:
• Client MAC address (MAC_C),
• Server MAC address (MAC_S),
• Primary unit internal MAC address (MAC_P_I),
• Primary unit external MAC address (MAC_P_E),
• Subordinate unit internal MAC address (MAC_S_I),
• Subordinate unit external MAC address (MAC_S_E).
A request packet from a client on the internal network to a server on the external
network:
1 Source is MAC_C and destination is MAC_S (from client to primary)
2 Source is MAC_P_I and destination is MAC_S_I (from primary internal to subordinate
internal)
3 Source is MAC_S_E and destination is MAC_S (from subordinate external to server)
A response packet from a server on the external network to a client on the internal
network:
1 Source is MAC_S and destination is MAC_C (from server to primary)
2 Source is MAC_P_E and destination is MAC_S_E (from primary external to
subordinate external)
3 Source is MAC_S_I and destination is MAC_C (from subordinate internal to client)
Active-Active cluster packet flow
91