Highly Available Office Network Design

Sebastian Mejia — Fri, 20 Jun 2025 03:25:12 +0000

In this post, I’ll walk through a high availability (HA) office network architecture I’ve implemented across several branch environments. The goal was to create a resilient, fault-tolerant design that ensures connectivity, security, and uptime — even during ISP outages, hardware failures, or power events.

The design uses FortiGate firewalls in HA mode, Meraki switches, SD-WAN with SLA rules, and redundant power and network paths.

🧱 Network Design Overview

Here’s the logical architecture:

Dual ISPs: Two independent internet circuits for redundancy.
WAN Layer: Two WAN switches (one per ISP).
Firewalls: Two FortiGate appliances in HA (active/passive) mode.
LAN Layer: Two internal Meraki switches — each connected to a different FortiGate unit.
Switch Interconnect: Internal switches connected via a port-channel (LAG) for redundancy.
UPS Redundancy: Power is fed through separate UPS circuits (A/B) to isolate failures.

🖥️ Diagram

🔧 Key Design Highlights

🔁 FortiGate HA Configuration

Active/passive mode with heartbeat and session sync
Dual WAN interfaces on each firewall, connecting to both WAN switches
SD-WAN configured with SLA tracking for packet loss, jitter, and latency

🌐 SD-WAN Failover Logic

If ISP 1 experiences packet loss or latency beyond SLA thresholds, traffic auto-fails over to ISP 2
No user interaction required; seamless failover from the user perspective

🔌 Power Resilience

UPS Circuit A powers one side (WAN switch + FortiGate + Internal switch)
UPS Circuit B powers the other side
A failure on one power path doesn’t take down the core network infrastructure

🧩 Switch Redundancy

Internal Meraki switches are interconnected using a LAG (Port-Channel) to provide redundancy and maintain internal traffic paths
Each Meraki switch also connects to the FortiGate cluster via a dedicated LAG, ensuring link-level redundancy between LAN and firewall layers

🔄 Real-World Results

Survived ISP outages with zero downtime thanks to SD-WAN
No business disruption during firewall firmware upgrades (failover was seamless)
Local power failures affected one side only — only endpoints connected to the affected internal switch lost connectivity, while core infrastructure remained operational
Easy to replicate at other offices due to modular and well-documented design

🧠 Lessons Learned

SD-WAN SLA tuning is critical — overly sensitive thresholds can cause flapping
Always validate HA failover under load — test VPNs, NAT, and logging
Label power and data paths clearly — it saves time in emergencies
Documentation is as important as design — it enabled repeatable deployments

📌 Final Thoughts

This design has proven highly effective across multiple office deployments. It offers true high availability across networking, power, and internet access layers — while staying relatively simple to manage.

If you’re designing or upgrading a branch office or small datacenter, consider using this architecture as a blueprint. Feel free to adapt it to your own stack — whether you're using FortiGate, Palo Alto, Meraki, or other gear.

DEV Community: Sebastian Mejia