Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nbctcp
New Contributor III

Replace a Fortigate in HA to newer model

I ask this question to Indonesia Forti employee this morning

Let say I have Fortigate HA with same model.

Later next year my model already EOL.

If one of Fortigate died and need to be replaced with newer model.

He said that must use same model

 

QUESTIONS: 1. anyone tried replacing with newer and better model. maybe not exactly the same model but similar model. number of ports are the same but maybe faster CPU and bigger RAM tq

2 Solutions
ShawnZA

Hardware revision refers to the same model ie 200E but the hardware inside might be different, like the hard drive.

 

From Fortigate:

Some FortiGate models have multiple versions of hardware. Typically this means minor changes such as an increase of memory or a different disk drive vendor while retaining the same major platform name. These different versions are known as "revision" levels (For example FortiGate 5001B rev1, FortiGate 5001B rev2).

 

View solution in original post

ede_pfau
Esteemed Contributor III

VRRP will work with Fortigates but IMHO it's clumsy and takes a lot of time for failover. No comparison to FOS HA.

Usually, if I run a FGT HA cluster, my devices have at least a FortiCare subscription. If one unit fails, I have it replaced, and it's Fortinet's trouble to supply the same model even if it's out of production. I guess your case is different...


Ede

"Kernel panic: Aiee, killing interrupt handler!"

View solution in original post

11 REPLIES 11
tioeudes
Contributor

Hello nbctcp,

 

Sorry but it can't be done. Fortigate devices should be the same model to form a cluster.

 

 

Regards,

Eudes Braga

nbctcp
New Contributor III
ShawnZA

Hardware revision refers to the same model ie 200E but the hardware inside might be different, like the hard drive.

 

From Fortigate:

Some FortiGate models have multiple versions of hardware. Typically this means minor changes such as an increase of memory or a different disk drive vendor while retaining the same major platform name. These different versions are known as "revision" levels (For example FortiGate 5001B rev1, FortiGate 5001B rev2).

 

nbctcp
New Contributor III

If that the case then when that happen I need to change from HA to VRRP

[link]https://forum.fortinet.com/tm.aspx?m=160969[/link]

ede_pfau
Esteemed Contributor III

VRRP will work with Fortigates but IMHO it's clumsy and takes a lot of time for failover. No comparison to FOS HA.

Usually, if I run a FGT HA cluster, my devices have at least a FortiCare subscription. If one unit fails, I have it replaced, and it's Fortinet's trouble to supply the same model even if it's out of production. I guess your case is different...


Ede

"Kernel panic: Aiee, killing interrupt handler!"
tioeudes

Also, VRRP won't provide configuration sync, which can be a problem.

Alexis_G
Contributor II

Yes there is an option on HA configuration to ignore diffs in hardware , meaning for example 300C with 300E not 300C with 1500C ....

 

see:

https://kb.fortinet.com/kb/viewContent.do?externalId=FD35376&sliceId=1

--------------------------------------------

If all else fails, use the force !

nbctcp
New Contributor III

It didn't mention 300C to 300E but FortiGate 5001B rev1, FortiGate 5001B rev2.

 

Another alternative instead of hardware then use vm.

But I don't know whether the same license key can be used in case of replacing server hardware

emnoc
Esteemed Contributor III

You do know a 300C and 300E are not even close to be identical ( cpu, memory, and number and type of ports & PS ).

 

Let's be clear, "no you can not make a HA cluster with a 300C and 300E".

 

Ken Felix

PCNSE 

NSE 

StrongSwan