High Availability’s Implementation on the Fortigate Firewall Using SD-WAN Zone and HA Cluster Active-Passive

Authors

  • Novandi Rizki Fattahilah BINUS Online Learning, Bina Nusantara University, West Jakarta, DKI Jakarta
  • Farah Nurfadila BINUS Online Learning, Bina Nusantara University, West Jakarta, DKI Jakarta
  • Yanto Setiawan BINUS Online Learning, Bina Nusantara University, West Jakarta, DKI Jakarta

DOI:

https://doi.org/10.55324/ijoms.v2i11.622

Keywords:

FortiGate, high availability, SD-WAN, load balancing, failover

Abstract

Networks that contain sensitive data or have high-security requirements require reliable and dependable network security solutions. FortiGate Firewall, as one of the popular network security solutions, provides High Availability (HA) features that ensure network availability and reliability. This study aims to analyze the implementation of HA on FortiGate Firewall in specific scenarios, such as networks with sensitive data or networks with high-security requirements. A real-world case study is applied to evaluate the effectiveness of HA implementation on FortiGate Firewall in enhancing network reliability and security. In this research, the implementation of HA on FortiGate Firewall at PT ABC was successfully built using the PPDIOO method and deploying SD-WAN load balancing and failover configurations, along with the utilization of a high-availability cluster mechanism. The HA implementation on FortiGate proves to be an effective solution, as demonstrated in the SD-WAN Zone testing of the Source-destination SD-WAN load balancing mode, which showed effectiveness in evenly and optimally distributing traffic among multiple available links, resulting in a 93.3% reduction in downtime. Furthermore, the testing of HA cluster mode in active-passive configuration achieved a 91.8% reduction in downtime compared to the pre-HA implementation state.

References

Bouizem, Y., Parlavantzas, N., DIb, D., & Morin, C. (2020). Active-Standby for High-Availability in FaaS. WOSC 2020 - Proceedings of the 2020 6th International Workshop on Serverless Computing, Part of Middleware 2020, 31–36. https://doi.org/10.1145/3429880.3430097

Bustamante, J. R., & Avila-Pesantez, D. (2021). Comparative analysis of Cybersecurity mechanisms in SD-WAN architectures: A preliminary results. Proceedings of the 2021 IEEE Engineering International Research Conference, EIRCON 2021. https://doi.org/10.1109/EIRCON52903.2021.9613418

Cheng, F. C., Liu, W. C., & Pan, T. J. (2020). Fail recovery method and internet of things system and charging system using the same (Patent U.S. Patent No. 10,805,147). Patent and Trademark Office.

Devaraj, A. F. S., Elhoseny, M., Dhanasekaran, S., Lydia, E. L., & Shankar, K. (2020). Hybridization of firefly and Improved Multi-Objective Particle Swarm Optimization algorithm for energy efficient load balancing in Cloud Computing environments. Journal of Parallel and Distributed Computing, 142, 36–45. https://doi.org/10.1016/j.jpdc.2020.03.022

Du, C., Xiao, J., & Guo, W. (2022). Bandwidth constrained client selection and scheduling for federated learning over SD-WAN. IET Communications, 16(2), 187–194. https://doi.org/10.1049/cmu2.12333

Fiade, A., Agustian, M. A., & Masruroh, S. U. (2020). Analysis of Failover Link System Performance in OSPF, EIGRP, RIPV2 Routing Protocol with BGP. The 7th International Conference on Cyber and IT Service Management (CITSM 2019). https://doi.org/10.1109/CITSM47753.2019.8965373

Fikri, M., & Rifqi, M. (2023). Implementasi VPN Antar Cabang Menggunakan Teknologi Sdwan Dengan Metode Load Balance (Studi Kasus: PT. Mitra Solusi Infokom). Jurnal Teknologi Informasi Dan Ilmu Komputer (JTIIK), 10(1), 105–113. https://doi.org/10.25126/jtiik.2023105236

Filali, A., Mlika, Z., Cherkaoui, S., & Kobbane, A. (2020). Preemptive SDN Load Balancing with Machine Learning for Delay Sensitive Applications. IEEE Transactions on Vehicular Technology, 69(12), 15947–15963. https://doi.org/10.1109/TVT.2020.3038918

Ghama Wellyandi. (2022). Implementation of Load Balancing and Failover Network Using Fortinet SDWAN Technology at PT. Lintasarta. Ceddi Journal of Information System and Technology (JST), 1(2), 8–13. https://doi.org/10.56134/jst.v1i2.20

Golchi, M. M., Saraeian, S., & Heydari, M. (2019). A hybrid of firefly and improved particle swarm optimization algorithms for load balancing in cloud environments: Performance evaluation. Computer Networks, 162. https://doi.org/10.1016/j.comnet.2019.106860

Hadjadj, T. E., Bouhoula, A., Tebourbi, R., & Ksantini, R. (2022). Optimization of parallel firewalls filtering rules. International Journal of Information Security, 21(2), 323–340. https://doi.org/10.1007/s10207-021-00557-4

Ilham, B., & Setiawan, Y. (2023). Implementation of High Availability Message ISO 8583 using F5 Active-Passive Failover Method. International Journal of Engineering Trends and Technology, 71(4), 264–273. https://doi.org/10.14445/22315381/IJETT-V71I4P223

Mukhopadhyay, B. (2020). A Novel Approach to Load Balancing and Cloud Computing Security using SSL in IaaS Environment. International Journal of Advanced Trends in Computer Science and Engineering, 9(2), 2362–2370. https://doi.org/10.30534/ijatcse/2020/221922020

Neupane, K., Haddad, R., & Chen, L. (2018). Next Generation Firewall for Network Security: A Survey. In SoutheastCon IEEE, 1–6.

Novianto, D., Setiawan Japriadi, Y., Luhur Pangkalpinang, A., Jenderal Sudirman, J., Selindung Baru, K., Gabek, K., & Pangkal Pinang, K. (2021). Comparative Analysis Of Performance Between Ecmp And Nth Methods In Implementation Of Microtic-Based Dual Link Load Balancing Techniques. Jurnal TAM (Technology Acceptance Model), 12(1), 80–88.

Ouamri, M. A., Barb, G., Singh, D., & Alexa, F. (2023). Load Balancing Optimization in Software-Defined Wide Area Networking (SD-WAN) using Deep Reinforcement Learning. IEEE, 1–6. https://doi.org/10.1109/isetc56213.2022.10010335

Peng, Z., Chen, D., & He, W. (2017). A load-balancing and state-sharing algorithm for fault-tolerant firewall cluster. Proceedings - 2017 4th International Conference on Information Science and Control Engineering, ICISCE 2017, 34–37. https://doi.org/10.1109/ICISCE.2017.17

Pribadi, Y., Putra Negara, A. B., & Irwansyah, M. A. (2020). Analisis Penggunaan Metode Failover Clustering untuk Mencapai High Availability pada Web Server (Studi Kasus: Gedung Jurusan Informatika). Jurnal Sistem Dan Teknologi Informasi (Justin), 8(2), 218. https://doi.org/10.26418/justin.v8i2.31965

Sahoo, K. S., Tiwary, M., Mishra, P., Reddy, S., Balusamy, B., & Gandomi, A. (2019). Improving End-Users Utility in Software-Defined Wide Area Network Systems. IEEE Transactions on Network and Service Management, 14(8), 1–12. https://doi.org/10.1109/TNSM.2019.2953621

Sun, J. (2022). Computer Network Security Technology and Prevention Strategy Analysis. Procedia Computer Science, 208, 570–576. https://doi.org/10.1016/j.procs.2022.10.079

Tanha, M., Sajjadi, D., Ruby, R., & Pan, J. (2018). Capacity-Aware and Delay-Guaranteed Resilient Controller Placement for Software-Defined WANs. IEEE Transactions on Network and Service Management, 15(3), 991–1005. https://doi.org/10.1109/TNSM.2018.2829661

Taresh, A. A. R., & Zghair, N. A. K. (2023). Redesign of the communications network based on high availability of traffic management technologies to improve the communication. Measurement: Sensors, 27. https://doi.org/10.1016/j.measen.2023.100776

Wicaksono, D., & Widiasari, I. R. (2022). Sistem Keamanan Jaringan Menggunakan Firewall Dengan Metode Port Blocking Dan Firewall Filtering. Jurnal Teknik Informatika Dan Sistem Informasi, 9(2), 1380–1392. http://jurnal.mdp.ac.id

Yang, K., Guo, D., Zhang, B., & Zhao, B. (2019). Multi-Controller Placement for Load Balancing in SDWAN. IEEE Access, 7, 167278–167289. https://doi.org/10.1109/ACCESS.2019.2953723

Zouini, M., Mantar, Z. El, Rouboa, N., Bensaoud, O., Outzourhit, A., & Bahnasse, A. (2022). Towards a Modern ISGA Institute Infrastructure Based on Fortinet SD-WAN Technology: Recommendations and Best Practices. Procedia Computer Science, 210(C), 311–316. https://doi.org/10.1016/j.procs.2022.10.156

Downloads

Published

2023-08-29

Issue

Vol. 2 No. 11 (2023): Indonesian Journal of Multidisciplinary Science

Section

Articles

License

Copyright (c) 2023 Novandi Rizki Fattahilah, Farah Nurfadila, Yanto Setiawan

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Authors who publish with this journal agree to the following terms:

  • Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution-ShareAlike 4.0 International (CC-BY-SA). that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
  • Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
  • Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.