Virtual FortiGate HA and Licensing Clarification

Question

Hello,I have the following setup and would like your clarification.We have a virtual FortiGate firewall deployed, with multiple services running behind it. In case this virtual machine experiences an issue or goes down, we would like to have a backup / failover–like solution, similar to what we normally implement with hardware FortiGate HA.Is it possible to implement such a setup using two virtual FortiGate instances?Additionally, I have a licensing-related question. We currently have only one license purchased for a single virtual FortiGate instance.In a hypothetical scenario where:the primary FortiGate has an issue, anda secondary FortiGate VM exists but is powered off,would it be possible to use the same license on the secondary VM?More specifically:If the primary FortiGate fails, can traffic automatically fail over to the secondary VM?Or is it mandatory to configure HA, which would require purchasing an additional license?As far as I understand, FortiGate licenses are tied to the serial number, and if both virtual machines do not share the same serial number, HA synchronization would not be possible.Please help clarify the correct and supported approach and share your recommendation.Thank you in advance for your assistance.

AEK · Answer

Hi LizaLicense sharing in HA is only applicable for entry level models.https://docs.fortinet.com/document/fortigate/7.6.5/administration-guide/246857/single-fortiguard-license-for-fortigate-a-p-ha-clusterWhen you install VM, if you need real time HA (without any downtime) then you need a second VM with an additional license for it.Otherwise, if your business tolerates some downtime on your network in case you FGT VM crashes and can't start anymore, then you can just restore it from VM backup. This is one clear advantage of virtual appliance against physical appliance.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded