FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
ManpreetSingh
Article Id 343081

 

Description

This article describes how to deploy FortiAuthenticator in Active-Passive High Availability (HA) on VMware ESXi: deploying two FortiAuthenticator VMs, configuring their network interfaces for heartbeat communication, and setting up HA to ensure redundancy.

Scope

FortiAuthenticator.

Solution

Step 1: Deploy FortiAuthenticator VMs on VMware ESXi using OVA templates.

To deploy a FortiAuthenticator VM on VMware ESXi, refer to this article: Technical Tip: How to deploy FortiAuthenticator in High Availability (HA) on VMware ESXi.

 

Step 2: Configure VMware Network for Heartbeat:

 

Create a vSwitch for heartbeat:

In Networking -> Virtual Switches, add a new virtual switch.

 

Create a VM Port Group for Heartbeat:

In Networking -> Port Groups, add a new port group (HA_PORTGROUP) and associate it with the vSwitch created for HA communication.

 

Assign Portgroup to VM Interfaces:

 

Step 3: Configure FortiAuthenticator interfaces:

On FortiAuthenticator, configure an IP address on Port1 for management and data traffic, and configure Port3 for HA.

 

Step 4: Configure HA setup on FortiAuthenticator:

  • Enable HA on the primary FortiAuthenticator: go to System -> HA and enable HA.
  • Configure the following settings:
    • Role: Set the Role as Cluster Member.
    • Heartbeat Interface: Select Port3 (or the interface dedicated to the heartbeat).
    • Cluster Member IP: Enter the Port3 IP address of the secondary FortiAuthenticator.
    • Password: Enter a shared secret key for authentication between HA peers.
    • Priority: Set the priority to High on the primary FortiAuthenticator and Low on the secondary FortiAuthenticator.

 

Repeat the same configuration on the secondary FortiAuthenticator and set the priority to Low.
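
A pre-flight consistency check for the values entered in Steps 3 and 4, as an added example (not Fortinet code and not part of the original article). The PLAN structure, the addresses and the secret are constructed placeholders; the checks assume each node's Cluster Member IP is its peer's Port3 address and that the heartbeat subnet is kept separate from the Port1 subnet.

```python
import ipaddress

# Constructed sample plan: addresses and secret are placeholders, not from the article.
PLAN = {
    "primary": {
        "port1": "192.0.2.10/24",           # management and data traffic
        "port3": "10.255.255.1/30",         # HA heartbeat interface
        "cluster_member_ip": "10.255.255.2",
        "priority": "High",
        "password": "example-shared-secret-0001",
    },
    "secondary": {
        "port1": "192.0.2.11/24",
        "port3": "10.255.255.2/30",
        "cluster_member_ip": "10.255.255.1",
        "priority": "Low",
        "password": "example-shared-secret-0001",
    },
}


def check_ha_plan(plan):
    """Return a list of problems in a two-node HA plan; an empty list means consistent."""
    problems = []
    nodes = ("primary", "secondary")
    hb = {n: ipaddress.ip_interface(plan[n]["port3"]) for n in nodes}
    mgmt = {n: ipaddress.ip_interface(plan[n]["port1"]) for n in nodes}

    # Both heartbeat interfaces sit on the same port group, so they must share a subnet.
    if hb["primary"].network != hb["secondary"].network:
        problems.append("heartbeat interfaces are in different subnets")
    if hb["primary"].ip == hb["secondary"].ip:
        problems.append("both nodes use the same heartbeat IP")

    for node, peer in (("primary", "secondary"), ("secondary", "primary")):
        # Assumption: Cluster Member IP on each node is the peer's Port3 address.
        if ipaddress.ip_address(plan[node]["cluster_member_ip"]) != hb[peer].ip:
            problems.append(f"{node}: Cluster Member IP is not the {peer} Port3 IP")
        # Assumption: heartbeat traffic is isolated from management/data traffic.
        if hb[node].network.overlaps(mgmt[node].network):
            problems.append(f"{node}: heartbeat subnet overlaps the Port1 subnet")

    if (plan["primary"]["priority"], plan["secondary"]["priority"]) != ("High", "Low"):
        problems.append("priority must be High on the primary and Low on the secondary")
    if plan["primary"]["password"] != plan["secondary"]["password"]:
        problems.append("HA password differs between the peers")
    return problems
```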

 
