Skip to main content
Ispa-Li
Ispa-Li
Explorer
January 7, 2025
Solved

Managing a FortiGate HA Cluster (Active-Active) Without FortiManager

  • January 7, 2025
  • 3 replies
  • 1529 views

 

We are planning to set up a High Availability (HA) cluster in Active-Active mode using two FortiGate 901 firewalls.

Our question is straightforward: is it possible to create and manage an HA Active-Active cluster without using FortiManager?

As far as I understand, the creation of the HA cluster does not require FortiManager. After the cluster is established, all settings configured on the primary unit can be automatically synchronized to the secondary unit through FGCP. Additionally, the primary unit can be accessed and managed directly via its web interface.

I would appreciate an official response to this query so that I can share it with my manager.

Thank you for your assistance.

Best answer by dingjerry_FTNT

Hi @Ispa-Li ,

 

Quick answer:  Yes, you are correct.

3 replies

dingjerry_FTNT
Staff
dingjerry_FTNTAnswer
Staff
January 7, 2025

Hi @Ispa-Li ,

 

Quick answer:  Yes, you are correct.

AEK
SuperUser
AEK
SuperUser
January 7, 2025

As mentioned by Jerry, you don't need FortiManager for HA setup.

And here is an official response from admin guide.

https://docs.fortinet.com/document/fortigate/7.6.1/administration-guide/357558/ha-active-active-cluster-setup

 

AEK
    Renante_Era
    Staff
    Renante_Era
    Staff
    January 7, 2025

    You can manage each FortiGate via CLI using # exec ha manage <id> <username>. For instance, # exec ha manage 1 admin  <-- use 0 if 1 didn't work

     

    Alternatively, you can manage each device separately through the GUI:

    Out-of-band management with reserved management interfaces | FortiGate / FortiOS 7.4.0 | Fortinet Document Library

    HA reserved management interfaces | FortiGate / FortiOS 7.4.3 | Fortinet Document Library

      Terms & ConditionsAccessibility statement