Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Camshaft007
New Contributor

FTNT-FAC HA Licensing Planning Question/Help

So, I'm in the process of spinning up my Shinny new FortiAuth VMs and would like to put them in an HA/LB-Cluster.. Documentation - CHECK

Documentation on Licensing Sync between HA/LB:  Vague at best and doesn't really exist or provide details. 

 

However, I am hesitant to apply my FAC licenses to any of my VMs due to my lack of understanding how Licensing works in a HA/LB configuration.. 

Do I or should I load all my FAC licenses on one box, then hope they sync between the two?  Do I need to split my FAC licenses between them?  What if one of the boxes fails and the LB/Slave takes over as primary?  Will it inherit the licenses from the LB/Master?  Will the FortiMobile Token licenses sync between the Two?

 

Any guidance on this matter is much appreciated! 

 

BTWS: FAC-OS-4.1.2

 

Thank you in advance! 

 

" The Linux philosophy is ' Laugh in the face of danger' . Oops. Wrong One. ' Do it yourself' . Yes, that' s it." - Linus Torvalds

" The Linux philosophy is ' Laugh in the face of danger' . Oops. Wrong One. ' Do it yourself' . Yes, that' s it." - Linus Torvalds
2 REPLIES 2
ergotherego
Contributor II

I just started setting up my FAC VMs and my SE told me this:

[ul]
  • User licenses need to be installed on both. So you need double the quantity.
  • Token licenses only need to be installed on one.[/ul]

    And if you are doing HA across data centers (via L3) you have to go active-active in order to have the tokens apply across both systems.

  • theFWdude

    Thank's Ego for the reply.  So, I did  purchase double the quantity (that's so dumb BTW!!!) and put them on both and put the mobile token on the "PRIMARY" and both FAC's are in sync.  The HA/L3 is Master/Slave A/A btw.  Agian, thanks for you help. 

    ergotherego New Member 

    -TFWD

    -TFWD
    Labels
    Top Kudoed Authors