Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jcegar
New Contributor II

Fortimanager - Add Model HA Cluster - Import Configuration

Hi all,

 

FortiManager: v7.2.0 b1124 220411 (GA)

Fortifgate 200F (2 devices, HA Cluster Configured) - FortiOS v6.4.8 build1914 (GA)

 

Two Fortigate devices are configured, up and running, A-P HA mode, 2 VDOM. If I add cluster devices to FortiManager using Add Model HA Cluster, devices are visible but almost all configured information are N/A

 

Host Name FG200F*****
Serial Number FG200F*****
IP Address 10.73.0.1
System Time - Fri Jun 17 02:01:41 2022 PDT
Uptime - N/A
Firmware Version - FortiGate 6.4,build1950
Hardware Status - N/A
Operation Mode -NAT
VDOM - VDOM Disabled

 

If I try to import configuration it only import default policy section. Device Interface no entry found.

 

Additional information:

 

fuse1.JPG

 

 

fuse2.JPG

 

If I try to add device using Discover Device, all information are available and update. Import configuration is fine.

 

Any additional information with adding HA devices to FortiManager and import their configuration?

 

 

Thanks.

 

 

 

 

 

 

 

 

2 Solutions
Debbie_FTNT
Staff
Staff

Hey jcegar,

 

the point of 'Add model device' is to be able to set up a policy package and system configuration before the FortiGate is even added to FortiManager.

The goal is usually deployment:

- a policy package, interface settings etc are all set up in advance

- the actual FortiGate the model is for is connected

- installation can happen immediately, and FortiGate is ready to operate

 

The model device is essentially a dummy entry with no FortiGate behind it at first; it starts with the default configuration a FortiGate of that model would have, including default policies. Importing from a model device will just pull the default policy from that default config.

 

After you have linked the model device to the actual physical device and ensured the config is in sync, would the policy import reflect policies existing on the real device.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

View solution in original post

Debbie_FTNT

Hey jcegar,

not quite; if you want to add an already configured HA cluster, you do not add it as a model device, but simply go through the device discovery process. The FortiManager should speak to primary FortiGate and discover that it is a cluster automatically.

It should create the Device Database entry, and then you can import policies; there is no real difference in how FortiManager treats FortiGate clusters or standalone units.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

View solution in original post

5 REPLIES 5
Anonymous
Not applicable

Hello @jcegar , 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

       Fortinet Community Team 

Debbie_FTNT
Staff
Staff

Hey jcegar,

 

the point of 'Add model device' is to be able to set up a policy package and system configuration before the FortiGate is even added to FortiManager.

The goal is usually deployment:

- a policy package, interface settings etc are all set up in advance

- the actual FortiGate the model is for is connected

- installation can happen immediately, and FortiGate is ready to operate

 

The model device is essentially a dummy entry with no FortiGate behind it at first; it starts with the default configuration a FortiGate of that model would have, including default policies. Importing from a model device will just pull the default policy from that default config.

 

After you have linked the model device to the actual physical device and ensured the config is in sync, would the policy import reflect policies existing on the real device.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
jcegar
New Contributor II

Thank you Debbie for answers.

 

So, you mean there is no way to add already configured HA Cluster with two Fortigate devices and import polices from previously configured HA devices? 

 

BR

Debbie_FTNT

Hey jcegar,

not quite; if you want to add an already configured HA cluster, you do not add it as a model device, but simply go through the device discovery process. The FortiManager should speak to primary FortiGate and discover that it is a cluster automatically.

It should create the Device Database entry, and then you can import policies; there is no real difference in how FortiManager treats FortiGate clusters or standalone units.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
jcegar
New Contributor II

Yes, I think that I already tried that and I have also tried import policies with success. But I didn't see that it show HA Status. I have tried it again and looked carefully and now I see that there is HA status.

 

Thanks a lot Debbie, it is clear now.

Top Kudoed Authors