Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Bjay_Prakash_Ghising
Contributor

HA between different hardware model?

Dear All,

 

I have done HA (Same Firmware - v7.2.2 and Operation Mode - NAT) between 60E and 60F. They have different hardware capacities, licenses, and interfaces (60F - a, b and 60E - internal 6, internal 7).

 

Configuration between them is synchronized and failover can also be achieved, However in HA GUI,

" 1 Table order Out of Sync: system.interface"

 

When I configured policies for every interface. All policies apart from interface "a" and "b" are synchronized and Policy of interface "a" and "b" have UUID shown in the secondary device. 

 

So, when I researched the solution. On firmware v5 there used to be exec ha ignore-hardware-revision enable commands. Please find the Link below

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Forming-an-HA-cluster-with-models-of-diffe...

 

And another thing I found was HA between VM and Physical hardware, where we can exclude synchronization between interfaces. However, it could not be achieved between physical hardware.

 

Here is the link:- https://community.fortinet.com/t5/FortiGate/Technical-Tip-HA-FortiGate-configurations-that-will-sync...

 

So, are there any commands that I can achieve full HA in GUI?

 

FortiGate  

 

Ghising
Ghising
2 REPLIES 2
jhussain_FTNT

Hi,

 

Please note that for the HA between the physical  hardware device has to be the same model, you cannot form HA between different models. Since they have  different physical interface, so it is not getting sync and logs shows out of sync .

 

The requirements for a HA are to have the same: -Firmware -Hardware model -Fortiguard, Forticloud and Forticlient licenses -Hard drive capacity and partitions -Operating mode.

 

ignore-hardware-revision is ignore the generation revision level, between cluster with 1500D Gen1 and 1500D Gen2 hardware revision models not for different models.

 

Regards

Jamal

 

 

Bjay_Prakash_Ghising

 

From Study Guide v7.0

FortiGate HA configuration requires a specific setup and devices. 

First, the configuration requires at least two, but up to four, FortiGate devices with the same:

  • Firmware
  • Hardware model and VM license
  • FortiGuard, FortiCloud, and FortiClient licenses
  • Hard drive capacity and partitions
  • Operating mode (transparent or - NAT)

From 6.0 Handbook.

In some cases, you may be able to form a cluster if different FortiGates have different firmware builds, different VDOM configurations, and are in different operating modes. However, if you encounter problems they may be resolved by installing the same firmware build on each unit and give them the same VDOM configuration and same operating mode. 

 

 

But in Study Guide, v7.0. it shows it requires at least two criteria to form HA and whereas the v6.0 handbook, tells that you can form an HA cluster with different Fortigate.

 

I have done HA with two similar criteria of the same firmware and the same operating mode.  All, the configurations except for interface "a and b" were synchronized, and seamless failover was achieved like normal HA.

 

Would you please, correct me on where am I going wrong here?

 

Ghising
Ghising
Labels
Top Kudoed Authors