We have two pairs of Fortinet firewalls in HA mode, one pair in each of our two data centers. The firewalls are 600E's running 6.4.7GA. We require each cluster to have an IP address on the same VLAN. One cluster has an IP of 10.1.3.1 and one cluster has an IP of 10.1.3.2. (We are not running VRRP). However we are finding that the two clusters both have the same mac address on their interfaces (see output from a switch) 10.1.3.2 0009-0f09-0005 20 D-0 XGE1/0/19 10.1.3.1 0009-0f09-0005 20 D-0 Eth-Trunk1 Could you let me know how I can resolve this issue? Having looked at various documents I believe that I need to set the HA "group ID" of one of the clusters, as both of the clusters currently have a default id of zero. Am I right in thinking that I need to do the following? (1) Attach to both HA firewalls in one of the data centers with a console cable (2) run the commands as follows: config system ha set group-id 1 Please let me know if this is the correct solution and whether this will cause significant downtime. Many thanks
The mac address issue can be resolved by setting the HA "group ID" of one of the clusters. To do this, you will need to attach to both HA firewalls in one of the data centers with a console cable and run the following commands: config system ha set group-id 1. This will cause some downtime, but it should be minimal. If you have further problems, I would recommend working with experts in the IT domain that helped me to run and set up a big server for my node business. They are the most receptive guys.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.