emillandstrom
New Contributor

Enabling vCluster2

Hi,

 

I was wondering how disruptive it is to enable vCluster2 on a production Fortigate installation which is already up and running. Does it affect the existing traffic in any way?

 

Cheers!

Emil


vjoshi_FTNT
Staff

Hello Emil,

 

Do you have multiple VDOMs in the setup?

If yes, then the vcluster2 is enabled by default.

 

However, you need to configure the secondary-vcluster to add the vdoms to it.

 

Yes, this might cause interruptions to the traffic if you are doing it in a production setup.

 

 

emillandstrom

Hi,

 

Thanks for the reply. Yes, I have 3 VDOMs, 2 out of which (root, vdomx) are handling production traffic at the moment. The third VDOM (vdomy) is not in use right now.

 

I want to configure the VDOM partitioning so that root and vdomx stay active in vcluster 1 (where they are now), and vdomy is active in vcluster 2. 

 

My original query was actually more intended to mean "Will configuring the "secondary-vcluster" parameter disrupt traffic in the primary vcluster?".

 

Cheers!

Emil

 

vjoshi_FTNT

Hello Emil,

 

I haven't tried this in a production setup, however, logically, it shouldn't impact the traffic if configured properly.

 

You enable the secondary vcluster and the production vdoms should be configured to have the current master as master and the new vdom for the current slave.

 

 

telecosistem
New Contributor

Hello,

What is the operation mode of this vCluster?

Attach the output of these commands:

"show sys ha"

"diag sys ha status"

Best Regards,

emnoc
Esteemed Contributor III

Enabling the vcluster is not disruptive, and I have to disagree that it's not enabled by default.

 

As suggested earlier, get sys ha status | grep vclu will tell you if vcluster #2 is enabled.

 

 

PCNSE 

NSE 

StrongSwan  

emillandstrom

Hi,

 

Just thought I'd report back. I enabled and configured the secondary vcluster (it was NOT enabled as default) and moved the inactive VDOM to it. We did not experience any disruptions to the production traffic.

 

Regards,

Emil
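
The VDOM partitioning described in this thread, as an added configuration sketch that is not from any poster or from Fortinet documentation. It assumes a FortiOS release whose HA settings use "set vcluster2" and "config secondary-vcluster" (other releases may differ), the VDOM name vdomy from the thread, and constructed priority values.

```fortios
# Added example. Priority values 100 and 200 are constructed for illustration.
# Assumption: device priority is set per unit, so each unit gets its own value.

# On the unit that is currently primary (root and vdomx stay active here in vcluster 1):
config global
    config system ha
        set vcluster2 enable
        config secondary-vcluster
            set vdom "vdomy"
            set priority 100
        end
    end
end

# On the unit that is currently secondary (vdomy should become active here in vcluster 2):
config global
    config system ha
        set vcluster2 enable
        config secondary-vcluster
            set vdom "vdomy"
            set priority 200
        end
    end
end

# Check from the global context, using the command quoted in the thread:
get sys ha status | grep vclu
```

Only the unused VDOM is moved; root and vdomx are left in vcluster 1 with their existing settings, which matches the change reported above.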

emnoc
Esteemed Contributor III

 

 

A few key points if you operate from the CLI (I'm a CLI guru):

 

1: the route RIB will be active on the active unit only

 

2: packet sniffer will only give details on the active physical unit

 

3: ARP requests will be seen on both ACT and non-ACT FGT units, but the traffic is handled by the ACTIVE unit that hosts that VDOM on that cluster

 

 
