Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
emillandstrom
New Contributor

Created on ‎09-19-2016 06:18 AM

Enabling vCluster2

Hi,

 

I was wondering how disruptive it is to enable vCluster2 on a production Fortigate installation which is already up and running. Does it affect the existing traffic in any way?

 

Cheers!

Emil

Labels:
7289
0 Kudos
2 Solutions
vjoshi_FTNT
Staff
Staff
In response to emillandstrom

Created on ‎09-25-2016 12:43 AM

Hello Emil,

 

I haven't tried this in a production setup, however, logically, it shouldn't impact the traffic if configured properly.

 

You enable the secondary vcluster and the production vdoms should be configured to have the current master as master and the new vdom for the current slave.

 

 

View solution in original post

4800
0 Kudos
emnoc
Esteemed Contributor III
In response to telecosistem

Created on ‎09-25-2016 11:06 AM

Enabling the vcluster is not disruptive,  and I have to disagree that it's not enabled by default 

 

As suggested earlier; get sys ha status  | grep vclu will tell you if vcluster#2  is enabled

 

 

PCNSE 

NSE 

StrongSwan  

View solution in original post

PCNSE NSE StrongSwan
4801
0 Kudos
7 REPLIES 7
vjoshi_FTNT
Staff
Staff

Created on ‎09-21-2016 11:42 PM

Hello Emil,

 

Do you have multiple VDOMs in the setup?

If yes, then the vcluster2 is enabled by default.

 

However, you need to configure the secondary-vcluster to add the vdoms to it.

 

Yes, this might cause interruptions to the traffic if you are doing it in a production setup.

 

 

4745
0 Kudos
emillandstrom
New Contributor
In response to vjoshi_FTNT

Created on ‎09-21-2016 11:51 PM

Hi,

 

Thanks for the reply. Yes, i have 3 VDOMs, 2 out of which (root, vdomx) are handling production traffic at the moment. The third VDOM (vdomy) is not in use right now.

 

I want to configure the VDOM partitioning so that root and vdomx stay active in vcluster 1 (where they are now), and vdomy is active in vcluster 2. 

 

My original query was actually more intended to mean "Will configuring the "secondary-vcluster" parameter disrupt traffic in the primary vcluster?".

 

Cheers!

Emil

 

4745
0 Kudos
vjoshi_FTNT
Staff
Staff
In response to emillandstrom

Created on ‎09-25-2016 12:43 AM

Hello Emil,

 

I haven't tried this in a production setup, however, logically, it shouldn't impact the traffic if configured properly.

 

You enable the secondary vcluster and the production vdoms should be configured to have the current master as master and the new vdom for the current slave.

 

 

4801
0 Kudos
telecosistem
New Contributor

Created on ‎09-25-2016 10:54 AM

Hello,

What is the operation mode of this vCluster?

Attach the output of this command

"show sys ha"

"drag sys ha status"

Best Regards,

4745
0 Kudos
emnoc
Esteemed Contributor III
In response to telecosistem

Created on ‎09-25-2016 11:06 AM

Enabling the vcluster is not disruptive,  and I have to disagree that it's not enabled by default 

 

As suggested earlier; get sys ha status  | grep vclu will tell you if vcluster#2  is enabled

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
4802
0 Kudos
emillandstrom
New Contributor
In response to emnoc

Created on ‎09-26-2016 12:32 AM

Hi,

 

Just thought I'd report back. I enabled and configured the secondary vcluster (it was NOT enabled as default) and moved the inactive VDOM to it. We did not experience any disruptions to the production traffic.

 

Regards,

Emil

4745
0 Kudos
emnoc
Esteemed Contributor III
In response to emillandstrom

Created on ‎09-26-2016 08:00 AM

 

 

A few key points if you operate from cli ( I'm a cli guru ) 

 

1: the route RIB will be active on the active  unit only

 

2: packet sniffer will only give details on the active physical unit 

 

3: ARP request will be seen on both ACT and non-ACT FGT units but the traffic is handle by the ACTIVE unit  that host that vodka on that cluster

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
4745
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.