About This Architecture

FortiWeb high-availability cluster deployed across dual Cisco Nexus 5000 switches with active-passive failover using VIP 10.255.243.10/24. Traffic flows from WAN through FortiWeb-1 and FortiWeb-2 (169.254.10.10-11 HA heartbeat) to LANDMZ zone 10.255.243.0/24, distributing to nine backend load balancers running Nginx, HAProxy, and Java proxies serving production, staging, and dev environments. This topology ensures zero-downtime WAF protection for multi-tier web applications with dedicated HA links preventing split-brain scenarios. Fork this diagram on Diagrams.so to customize interface assignments, add monitoring paths, or adapt for your FortiWeb deployment with .drawio export for network documentation. Balancer tier includes MCR production (incoming-mcrsvc.rossko.ru), stage (rossko.dev), and specialized proxies for Zavod, Parterra, RR, Fit, SRV, and Membrane services feeding ASP.NET/Nginx/Apache web server pools.

People also ask

How do I design a FortiWeb HA cluster with Cisco Nexus switches and multiple backend load balancers?

Deploy FortiWeb-1 and FortiWeb-2 in active-passive mode with dedicated HA heartbeat (169.254.10.10-11), shared VIP 10.255.243.10/24, and uplinks to dual Cisco Nexus 5K switches. Route LANDMZ traffic to nine backend load balancers (Nginx/HAProxy/Java) serving production, staging, and dev web server pools as shown in this diagram.