High Availability’s Implementation on the Fortigate Firewall Using SD-WAN Zone and HA Cluster Active-Passive
Keywords:FortiGate, high availability, SD-WAN, load balancing, failover
Networks that contain sensitive data or have high-security requirements require reliable and dependable network security solutions. FortiGate Firewall, as one of the popular network security solutions, provides High Availability (HA) features that ensure network availability and reliability. This study aims to analyze the implementation of HA on FortiGate Firewall in specific scenarios, such as networks with sensitive data or networks with high-security requirements. A real-world case study is applied to evaluate the effectiveness of HA implementation on FortiGate Firewall in enhancing network reliability and security. In this research, the implementation of HA on FortiGate Firewall at PT ABC was successfully built using the PPDIOO method and deploying SD-WAN load balancing and failover configurations, along with the utilization of a high-availability cluster mechanism. The HA implementation on FortiGate proves to be an effective solution, as demonstrated in the SD-WAN Zone testing of the Source-destination SD-WAN load balancing mode, which showed effectiveness in evenly and optimally distributing traffic among multiple available links, resulting in a 93.3% reduction in downtime. Furthermore, the testing of HA cluster mode in active-passive configuration achieved a 91.8% reduction in downtime compared to the pre-HA implementation state.
Bouizem, Y., Parlavantzas, N., DIb, D., & Morin, C. (2020). Active-Standby for High-Availability in FaaS. WOSC 2020 - Proceedings of the 2020 6th International Workshop on Serverless Computing, Part of Middleware 2020, 31–36. https://doi.org/10.1145/3429880.3430097
Bustamante, J. R., & Avila-Pesantez, D. (2021). Comparative analysis of Cybersecurity mechanisms in SD-WAN architectures: A preliminary results. Proceedings of the 2021 IEEE Engineering International Research Conference, EIRCON 2021. https://doi.org/10.1109/EIRCON52903.2021.9613418
Cheng, F. C., Liu, W. C., & Pan, T. J. (2020). Fail recovery method and internet of things system and charging system using the same (Patent U.S. Patent No. 10,805,147). Patent and Trademark Office.
Devaraj, A. F. S., Elhoseny, M., Dhanasekaran, S., Lydia, E. L., & Shankar, K. (2020). Hybridization of firefly and Improved Multi-Objective Particle Swarm Optimization algorithm for energy efficient load balancing in Cloud Computing environments. Journal of Parallel and Distributed Computing, 142, 36–45. https://doi.org/10.1016/j.jpdc.2020.03.022
Du, C., Xiao, J., & Guo, W. (2022). Bandwidth constrained client selection and scheduling for federated learning over SD-WAN. IET Communications, 16(2), 187–194. https://doi.org/10.1049/cmu2.12333
Fiade, A., Agustian, M. A., & Masruroh, S. U. (2020). Analysis of Failover Link System Performance in OSPF, EIGRP, RIPV2 Routing Protocol with BGP. The 7th International Conference on Cyber and IT Service Management (CITSM 2019). https://doi.org/10.1109/CITSM47753.2019.8965373
Fikri, M., & Rifqi, M. (2023). Implementasi VPN Antar Cabang Menggunakan Teknologi Sdwan Dengan Metode Load Balance (Studi Kasus: PT. Mitra Solusi Infokom). Jurnal Teknologi Informasi Dan Ilmu Komputer (JTIIK), 10(1), 105–113. https://doi.org/10.25126/jtiik.2023105236
Filali, A., Mlika, Z., Cherkaoui, S., & Kobbane, A. (2020). Preemptive SDN Load Balancing with Machine Learning for Delay Sensitive Applications. IEEE Transactions on Vehicular Technology, 69(12), 15947–15963. https://doi.org/10.1109/TVT.2020.3038918
Ghama Wellyandi. (2022). Implementation of Load Balancing and Failover Network Using Fortinet SDWAN Technology at PT. Lintasarta. Ceddi Journal of Information System and Technology (JST), 1(2), 8–13. https://doi.org/10.56134/jst.v1i2.20
Golchi, M. M., Saraeian, S., & Heydari, M. (2019). A hybrid of firefly and improved particle swarm optimization algorithms for load balancing in cloud environments: Performance evaluation. Computer Networks, 162. https://doi.org/10.1016/j.comnet.2019.106860
Hadjadj, T. E., Bouhoula, A., Tebourbi, R., & Ksantini, R. (2022). Optimization of parallel firewalls filtering rules. International Journal of Information Security, 21(2), 323–340. https://doi.org/10.1007/s10207-021-00557-4
Ilham, B., & Setiawan, Y. (2023). Implementation of High Availability Message ISO 8583 using F5 Active-Passive Failover Method. International Journal of Engineering Trends and Technology, 71(4), 264–273. https://doi.org/10.14445/22315381/IJETT-V71I4P223
Mukhopadhyay, B. (2020). A Novel Approach to Load Balancing and Cloud Computing Security using SSL in IaaS Environment. International Journal of Advanced Trends in Computer Science and Engineering, 9(2), 2362–2370. https://doi.org/10.30534/ijatcse/2020/221922020
Neupane, K., Haddad, R., & Chen, L. (2018). Next Generation Firewall for Network Security: A Survey. In SoutheastCon IEEE, 1–6.
Novianto, D., Setiawan Japriadi, Y., Luhur Pangkalpinang, A., Jenderal Sudirman, J., Selindung Baru, K., Gabek, K., & Pangkal Pinang, K. (2021). Comparative Analysis Of Performance Between Ecmp And Nth Methods In Implementation Of Microtic-Based Dual Link Load Balancing Techniques. Jurnal TAM (Technology Acceptance Model), 12(1), 80–88.
Ouamri, M. A., Barb, G., Singh, D., & Alexa, F. (2023). Load Balancing Optimization in Software-Defined Wide Area Networking (SD-WAN) using Deep Reinforcement Learning. IEEE, 1–6. https://doi.org/10.1109/isetc56213.2022.10010335
Peng, Z., Chen, D., & He, W. (2017). A load-balancing and state-sharing algorithm for fault-tolerant firewall cluster. Proceedings - 2017 4th International Conference on Information Science and Control Engineering, ICISCE 2017, 34–37. https://doi.org/10.1109/ICISCE.2017.17
Pribadi, Y., Putra Negara, A. B., & Irwansyah, M. A. (2020). Analisis Penggunaan Metode Failover Clustering untuk Mencapai High Availability pada Web Server (Studi Kasus: Gedung Jurusan Informatika). Jurnal Sistem Dan Teknologi Informasi (Justin), 8(2), 218. https://doi.org/10.26418/justin.v8i2.31965
Sahoo, K. S., Tiwary, M., Mishra, P., Reddy, S., Balusamy, B., & Gandomi, A. (2019). Improving End-Users Utility in Software-Defined Wide Area Network Systems. IEEE Transactions on Network and Service Management, 14(8), 1–12. https://doi.org/10.1109/TNSM.2019.2953621
Sun, J. (2022). Computer Network Security Technology and Prevention Strategy Analysis. Procedia Computer Science, 208, 570–576. https://doi.org/10.1016/j.procs.2022.10.079
Tanha, M., Sajjadi, D., Ruby, R., & Pan, J. (2018). Capacity-Aware and Delay-Guaranteed Resilient Controller Placement for Software-Defined WANs. IEEE Transactions on Network and Service Management, 15(3), 991–1005. https://doi.org/10.1109/TNSM.2018.2829661
Taresh, A. A. R., & Zghair, N. A. K. (2023). Redesign of the communications network based on high availability of traffic management technologies to improve the communication. Measurement: Sensors, 27. https://doi.org/10.1016/j.measen.2023.100776
Wicaksono, D., & Widiasari, I. R. (2022). Sistem Keamanan Jaringan Menggunakan Firewall Dengan Metode Port Blocking Dan Firewall Filtering. Jurnal Teknik Informatika Dan Sistem Informasi, 9(2), 1380–1392. http://jurnal.mdp.ac.id
Yang, K., Guo, D., Zhang, B., & Zhao, B. (2019). Multi-Controller Placement for Load Balancing in SDWAN. IEEE Access, 7, 167278–167289. https://doi.org/10.1109/ACCESS.2019.2953723
Zouini, M., Mantar, Z. El, Rouboa, N., Bensaoud, O., Outzourhit, A., & Bahnasse, A. (2022). Towards a Modern ISGA Institute Infrastructure Based on Fortinet SD-WAN Technology: Recommendations and Best Practices. Procedia Computer Science, 210(C), 311–316. https://doi.org/10.1016/j.procs.2022.10.156
Copyright (c) 2023 Novandi Rizki Fattahilah, Farah Nurfadila, Yanto Setiawan
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution-ShareAlike 4.0 International (CC-BY-SA). that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.