We have a customer consolidating two offices into one. Both sites have operational FortiGate 40F units with active licenses. My question is, can I take the firewall from Site B and add it to Site A as a high availability unit? Figured it'd be a better use case for it than sitting on the shelf. Thanks!
...and of course, running the same firmware version!
You would need to configure the HA settings on both units, set "set override enable" on the designated primary, and connect the secondary with only the HA link cable connected.
Note that for connecting your network(s) to a cluster, you will need a switch to duplicate the firewall ports.
Stuff is laid out in the Admin Guide, HA chapter.
One last piece of advice:
if the contracts differ, either in the kind of services or in the expiry date, you can always acquire a "co-term" contract to align both. That is a contract for adding service categories, and duration measured in days. That way, you can always match the 'better' contract's features and expiry date.
I understand that you have 2 FortiGate-40F licensed devices each in SiteA and SiteB.
Your query is whether you can form HA out of these 2 boxes.
> The answer is yes. You can deploy HA between 2 devices of the same model.
> However, there are constraints that you will have to look into.
1. Both should have the same license.
2. It is good if you have dedicated HA connectivity using a leased line for better HA functionality. Over the internet there could be unforeseen issues with HA functionality, and tuning may be required with the HA Heartbeat ratio and down threshold.
3. You can deploy it as Active Active HA peers.
However, the suggestion is to go with VPN to connect both FGT-40F devices to consolidate 2 offices into one. However, only if redundancy is a priority, I suggest going for an Active Active HA deployment.