Description
This article describes how to configure a FortiAuthenticator Layer 2 HA A-P cluster.
Scope
FortiAuthenticator.
Solution
Below is the Step-by-Step HA guide:
License Config:
After initial configuration, assign the license keys.
In this example, port4 is used to be the HA interface to which the license is assigned to:
Configure High Availability Settings on the Primary unit.
Under System -> Administration -> High Availability and enable HA.
User Inventory.
After adding the license and configuring the HA management IP address, make sure that all limitations of trial license have been removed by checking User Inventory in the status dashboard.
Configure High Availability Settings on the Secondary unit:
HA Status.
Wait a few minutes to makes sure that all the configuration has been synced then check HA Status.
To access the HA management GUI IP of the HA interface of both units, it is necessary to have the Workstation in the same subnet as the HA interface configured on the FortiAuthenticator.
Node-Specific Default Gateway is an option if there are clusters in two different data centers and the default gateway for those data centers is different. Then you need to configure that option to be the correct gateway if failover occurs so that the node has access to the network.
If Node-Specific Default Gateway is set, that option will overwrite the default gateway in the static routing of the Node and that will become the new default gateway for the whole Node. Be careful with Node-Specific Default Gateway as it may lead to routing issues, especially after failover or failover to primary again.
From v6.6.0 there is the option to choose what will be the default gateway, node-specific gateway will be only used if the Override Static Routing setting is selected:
In the CLI Node Specific Gateway is ns-gw under the 'config system ha' setting:
set ns-gw <gateway> <----- Set a default gateway for the HA management interface.
Related documents:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.