FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
epiquette
Staff
Staff
Description

 The bellow steps are only for basic setup of HA

1- Have the Master running with all the correct configurations (only if you have a backup configuration to restore with the same firmware that is running on the unit). If not you can skip this step.
2- Make sure that all interfaces on both units are set to Static.
3- Set up the HA configuration on the Master as follows using the CLI :

# config global
"The above command is only for VDOM admins"
# config system ha
# set mode {a-a / a-p}
# set group-name <name>

         # set group-id <ID>
         "group name and group id is recommended to be changed in case other HA setup are found on the same network"

# set password <password>
# set hbdev <"interface name"> <integer>
"The above line is where you indicate your heartbeat interfaces"
# set priority <priority>
# end

4- Make sure that the Slave has no configuration you can do that by executing the command "exec factoryreset"
5- The Slave unit also has to be on the same firmware version build as the Master.
6- Set up the HA configuration on the Slave.  Make sure that the priority is lower that the Master unit.  The other HA parameters should match.

# config global
"The above command is only for VDOM admins"
# config system ha
# set mode {a-a / a-p}
# set group-name <name>

         # set group-id <ID>
         "group name and group id is recommended to be changed in case other HA setup are found on the same network"

# set password <password>
# set hbdev <"interface name"> <integer>
"The above line is where you indicate your heartbeat interfaces"
# set priority <priority>
# end

9- Once this is done, you can shutdown the Slave to connect the heart beat cable(s) in the interface(s) that you have indicated in the HA configuration and all the other cables including internal network cable(s) and external network cable(s).
10- Power on the Slave and give it a few minutes before it synchronizes as it can take some time to synchronize depending on the configuration that you have.

See also Fortinet cookbook article:
http://cookbook.fortinet.com/high-availability-two-fortigates/


Contributors