Created on 03-29-2015 05:22 PM Edited on 07-21-2024 04:38 AM By Jean-Philippe_P
Description
This article describes the basic HA setup.
Scope
FortiGate.
Solution
The conditions for configuring HA are as follows:
Note: If the licenses are not the same on both FortiGates, the lowest license level between the two will apply. For example, if one FortiGate has Advanced Malware Protection and the other one does not, then the HA cluster will not have Advanced Malware Protection.
Settings are synchronized between the devices part of the HA cluster, except for a few items, like hostname, HA-related settings like a priority, and management interface settings.
The below steps are only for the basic setup of HA.
If you do not have a backup file, skip this step.
2. Set up the HA configuration on the Master as follows using the CLI :
config global <- 'This is only required if multi VDOMs is enabled'.
config system ha
set mode {a-a / a-p}
set group-name <name>
set group-id <ID> <- 'group name and group id is recommended to be changed in case other HA setup are found on the same network'.
3. Make sure that the Slave has no configurations applied. It is possible to achieve that by executing the command 'exec factoryreset'.
4. Set up the HA configuration on the Slave. Make sure that the priority is lower than the Master unit. The other HA parameters should match.
set group-id <ID> <- 'group name and group id is recommended to be changed in case other HA setup are found on the same network'.
5. Once this is done, shut down the Slave to connect the heartbeat cable(s) in the interface(s) indicated in the HA configuration and all the other cables including internal network cable(s) and external network cable(s).
6. Power on the Slave and give it a few minutes before it synchronizes as it can take some time to synchronize depending on the configuration.
Related documentation:
HA active-passive cluster setup
Technical Tip: Rebuilding an HA cluster
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.