kskit wrote: ...A lot of diagrams show a single switch, but that introduces a single point of failure. I was thinking about deploying one switch per internet line and doing a mesh.
That's it. If SPoF is what you really worry much you should adopt some sort of Virtual Switching technology at that switching level (backplane-fabric or frontplane stacking [*] <-- no VRRP is required) or to go down the VRRP path: in both cases you're going to connect each Fortinet FortiGate firewall with each virtual switch member breaking the SPoF.
[*] that will be possible by adopting an IRF technology approach using smaller HPE Comware base switches (5500/5120/5130 EI series, as example) or adopting recent VSF Virtual Switching Framework technology - available on Aruba 2930F, as example - or, more, backplane stacking (Fabric Stacking with dedicated Stacking Modules/Cables) supported on Aruba 2920, 2930M, 3800 or 3810M. It looks like Firewalls companies rarely consider this networking approach (maybe because setting up a VRRP on two switches could cost less than using any Virtual Switching approach for which there are HW/SW related specific restrictions <-- that should be verified because VRRP, as a feature, is not always supported on low end switches and so its adoption has restrictions too).
I'm not an HPE Employee
Mmmm...since you wrote about HA Active/Passive I was thinking that both your firewalls have dual WAN connectivity in place...in this scenario both - the active and the passive - can be concurrently downlinked to a (virtual) Switch and that make sense to avoid SPoF - with respect to a single physical switch - at that specific level.
I'm not an HPE Employee