Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hatanmaek
New Contributor

FortiGate question

We have a customer consolidating two offices into one. Both sites have operational FortiGate 40F units with active licenses. My question is, can I take the firewall from Site B and add it to Site A as a high availability unit? Figured it'd be a better use case for it than sitting on the shelf. Thanks!

router login 192.168.l.l
3 REPLIES 3
Toshi_Esumi
SuperUser
SuperUser

By assuming both 40Fs have the same FortuGuard services/licenses, yes, that's how you can set up HA.

 

Toshi

ede_pfau
SuperUser
SuperUser

...and of course, running the same firmware version!

You would need to configure the HA settings on both units, set "set override enable" on the designated primary, and connect the secondary with only the HA link cable connected.

 

Note that for connecting your network(s) to a cluster, you will need a switch to duplicate the firewall ports.

Stuff is laid out in the Admin Guide, HA chapter.

 

One last advice:

if the contracts differ, either in the kind of services or in the expiry date, you can always acquire a "co-term" contract to align both. That is a contract for adding service categories, and duration measured in days. That way, you can always match the 'better' contract's features and expiry date.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
YBKruthi
Staff
Staff

Hi @hatanmaek 

 

I understand that you have 2 FortiGate-40F licensed devices each in SiteA and SiteB.

Your query is based on if you can Form HA out of these 2 boxes.

 

> Answer is Yes. You can deploy HA among 2 same model devices.

> However, there are Constraints that you will have to look onto.

1. Both Should have same license.

2. It is good if you have a dedicated HA connectivity using Leased line for better HA functionality. Over the internet there could be unforeseen issue with HA functionality and tuning may be required with the HA Heartbeat ratio and down threshold.

3. You can deploy it as Active Active HA peers.

 

However, suggestions are to go with VPN to connect both FGT-40F devices to consolidate 2 office into one. However only if redundancy is priority, I suggest to go for Active Active HA deployment.

 

Thanks,

Kruthi 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors