Transparent mode packet flow – Fortinet FortiGate 4000 User Manual

High availability

Active-Active cluster packet flow

FortiGate-4000 Installation and Configuration Guide

99

Transparent mode packet flow

In transparent mode, six MAC addresses are involved in active-active communication
between a client and a server if the cluster routes the packets to the subordinate unit
in the cluster:

• Client MAC address (MAC_C),
• Server MAC address (MAC_S),
• Primary unit internal MAC address (MAC_P_I),
• Primary unit external MAC address (MAC_P_E),
• Subordinate unit internal MAC address (MAC_S_I),
• Subordinate unit external MAC address (MAC_S_E).

A request packet from a client on the internal network to a server on the external
network:

1

Source is MAC_C and destination is MAC_S (from client to primary)

2

Source is MAC_P_I and destination is MAC_S_I (from primary internal to subordinate
internal)

3

Source is MAC_S_E and destination is MAC_S (from subordinate external to server)

A response packet from a server on the external network to a client on the internal
network:

1

Source is MAC_S and destination is MAC_C (from server to primary)

2

Source is MAC_P_E and destination is MAC_S_E (from primary external to
subordinate external)

3

Source is MAC_S_I and destination is MAC_C (from subordinate internal to client)