In this post, I’ll walk through a high availability (HA) office network architecture I’ve implemented across several branch environments. The goal was to create a resilient, fault-tolerant design that ensures connectivity, security, and uptime — even during ISP outages, hardware failures, or power events.
The design uses FortiGate firewalls in HA mode, Meraki switches, SD-WAN with SLA rules, and redundant power and network paths.
🧱 Network Design Overview
Here’s the logical architecture:
- Dual ISPs: Two independent internet circuits for redundancy.
- WAN Layer: Two WAN switches (one per ISP).
- Firewalls: Two FortiGate appliances in HA (active/passive) mode.
- LAN Layer: Two internal Meraki switches — each connected to a different FortiGate unit.
- Switch Interconnect: Internal switches connected via a port-channel (LAG) for redundancy.
- UPS Redundancy: Power is fed through separate UPS circuits (A/B) to isolate failures.
🖥️ Diagram
🔧 Key Design Highlights
🔁 FortiGate HA Configuration
- Active/passive mode with heartbeat and session sync
- Dual WAN interfaces on each firewall, connecting to both WAN switches
- SD-WAN configured with SLA tracking for packet loss, jitter, and latency
🌐 SD-WAN Failover Logic
- If ISP 1 experiences packet loss or latency beyond the SLA thresholds, traffic automatically fails over to ISP 2
- No user interaction is required; failover is seamless from the user's perspective
🔌 Power Resilience
- UPS Circuit A powers one side (WAN switch + FortiGate + Internal switch)
- UPS Circuit B powers the other side
- A failure on one power path doesn’t take down the core network infrastructure
🧩 Switch Redundancy
- Internal Meraki switches are interconnected using a LAG (Port-Channel) to provide redundancy and maintain internal traffic paths
- Each Meraki switch also connects to the FortiGate cluster via a dedicated LAG, ensuring link-level redundancy between LAN and firewall layers
🔄 Real-World Results
- Survived ISP outages with zero downtime thanks to SD-WAN
- No business disruption during firewall firmware upgrades (failover was seamless)
- Local power failures affected one side only — only endpoints connected to the affected internal switch lost connectivity, while core infrastructure remained operational
- Easy to replicate at other offices due to modular and well-documented design
🧠 Lessons Learned
- SD-WAN SLA tuning is critical — overly sensitive thresholds can cause flapping
- Always validate HA failover under load — test VPNs, NAT, and logging
- Label power and data paths clearly — it saves time in emergencies
- Documentation is as important as design — it enabled repeatable deployments
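The flapping lesson above and the SD-WAN failover logic it refers to, as an added example that is not from the original post or from any vendor's code: a simplified model of SLA-based failover, replayed over constructed probe data. The function name, its parameters and the consecutive-probe hysteresis are assumptions made for illustration and do not reproduce FortiOS's actual SLA algorithm.

```python
from collections import deque

def count_failovers(probes, max_latency_ms, max_loss_pct,
                    fail_after, recover_after, window=10):
    """Replay primary-link probe results and count path switches.

    probes: latency in ms per probe, or None for a lost probe.
    The link leaves SLA after `fail_after` consecutive violating probes and
    returns after `recover_after` consecutive compliant ones (hysteresis).
    Returns (number_of_switches, link_in_sla_at_end).
    """
    recent = deque(maxlen=window)  # sliding window used for loss percentage
    in_sla, bad_run, good_run, switches = True, 0, 0, 0
    for latency in probes:
        recent.append(latency)
        loss_pct = 100.0 * sum(p is None for p in recent) / len(recent)
        violated = (latency is None or latency > max_latency_ms
                    or loss_pct > max_loss_pct)
        if violated:
            bad_run, good_run = bad_run + 1, 0
        else:
            good_run, bad_run = good_run + 1, 0
        if in_sla and bad_run >= fail_after:
            in_sla, switches = False, switches + 1   # fail over to ISP 2
        elif not in_sla and good_run >= recover_after:
            in_sla, switches = True, switches + 1    # fail back to ISP 1
    return switches, in_sla

# Constructed sample data: a usable link with single-probe latency spikes,
# followed by a real outage (8 lost probes) and a clean recovery.
NOISY = [20, 22, 95, 21, 20, 110, 23, 19, 90, 20] * 3
FULL = NOISY + [None] * 8 + [20] * 15

# Same 80 ms / 20 % thresholds, different reaction speed.
SENSITIVE = dict(max_latency_ms=80, max_loss_pct=20,
                 fail_after=1, recover_after=1)
TUNED = dict(max_latency_ms=80, max_loss_pct=20,
             fail_after=3, recover_after=5)

if __name__ == "__main__":
    for name, cfg in (("sensitive", SENSITIVE), ("tuned", TUNED)):
        print(name, "noisy link:", count_failovers(NOISY, **cfg),
              "with outage:", count_failovers(FULL, **cfg))
```

In this model both settings fail over during the real outage; only the sensitive one also switches paths on every isolated spike, which is the flapping behaviour to look for in SD-WAN event logs before tightening thresholds.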
📌 Final Thoughts
This design has proven highly effective across multiple office deployments. It offers true high availability across networking, power, and internet access layers — while staying relatively simple to manage.
If you’re designing or upgrading a branch office or small datacenter, consider using this architecture as a blueprint. Feel free to adapt it to your own stack — whether you're using FortiGate, Palo Alto, Meraki, or other gear.