FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
Nivedha
Staff
Article Id 283978
Description This article discusses the topics that should be considered while setting up 802.1x on FortiAuthenticator in HA A-LB.
Scope FortiAuthenticator v6.x.
Solution

While setting up 802.1x Authentication on FortiAuthenticator, follow the documents below:

 

Wired 802.1x EAP-TLS with computer authentication
Wireless 802.1x EAP-TLS with computer authentication
Wireless 802.1x EAP-TLS with user authentication

When the FortiAuthenticator is in HA A-LB, the following must be considered:

  • Synchronization of users and groups occurs in the load-balancing setup.
  • However, other configurations are not synchronized. It is necessary to recreate the LDAP server, realm, RADIUS client, and policy on the load-balancing node.
  • The RADIUS client and LDAP server can have different IPs, especially since the load-balancing node may be in a different location. Nevertheless, they must share identical names with the LDAP server/RADIUS client on the primary FortiAuthenticator.
  • All references to LDAP server/RADIUS client/other configurations will be made using names. Therefore, as long as an object with the same name exists on the load-balancing node, there should be no synchronization issues.
  • During the configuration on the primary node, there might be a temporary out-of-sync situation with the load-balancing node because the same objects do not yet exist on the load-balancing node.
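
A name-parity check for the unsynchronized objects listed above, as an added example (not Fortinet code and not part of the original article). The inventory dictionaries are constructed sample data entered by hand, and the object-type keys and the `compare_nodes` helper are hypothetical; differing IPs are accepted, only names are compared, and "identical" is assumed to mean an exact string match.

```python
# Added example: name-parity check between two FortiAuthenticator nodes.
# The inventory layout is an assumption (names typed in from each node's
# GUI); it is not a FortiAuthenticator export format or API response.

# Object types the article says must be recreated on the load-balancing node.
UNSYNCED_TYPES = ("ldap_server", "realm", "radius_client", "policy")

def normalize(name):
    """Fold case and whitespace so near-miss names can be detected."""
    return " ".join(name.split()).casefold()

def compare_nodes(primary, lb_node):
    """Return (type, name, problem) findings for objects the LB node lacks."""
    findings = []
    for obj_type in UNSYNCED_TYPES:
        lb_names = set(lb_node.get(obj_type, {}))
        lb_by_norm = {normalize(n): n for n in lb_names}
        for name in sorted(primary.get(obj_type, {})):
            if name in lb_names:
                continue  # exact name exists; a different IP is allowed
            near = lb_by_norm.get(normalize(name))
            if near is not None:
                findings.append((obj_type, name, f"near-miss name {near!r}"))
            else:
                findings.append((obj_type, name, "missing on load-balancing node"))
    return findings

# Constructed sample inventories: {type: {name: address-or-None}}.
PRIMARY = {
    "ldap_server": {"corp-ldap": "10.0.0.10"},
    "realm": {"corp": None},
    "radius_client": {"switch-floor1": "10.0.1.2", "wlc-hq": "10.0.1.3"},
    "policy": {"dot1x-eap-tls": None},
}
LB_NODE = {
    "ldap_server": {"corp-ldap": "10.8.0.10"},  # different IP, same name: fine
    "realm": {"Corp": None},                    # case differs from primary
    "radius_client": {"switch-floor1": "10.8.1.2"},
    "policy": {"dot1x-eap-tls": None},
}

if __name__ == "__main__":
    for obj_type, name, problem in compare_nodes(PRIMARY, LB_NODE):
        print(f"{obj_type}: {name!r}: {problem}")
```

Running the check again after recreating the objects on the load-balancing node should return no findings.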