Fortinet HA configuration ( Active - Passive )

Umesh · ‎05-20-2022

Hi All,

Please give me two minutes whether what I have configured for the ha cluster is good or not as I am new to Fortinet.

Please go through the below snapshot once. I would like to also tell what I have configured is working fine as per my knowledge. kindly share your comment on it.

Thanks & Regards,

Umesh Prajapati

India

aahmadzada · ‎05-20-2022

1. Suggestion to configure interface monitoring under HA settings- that will allow you to failover if one of the monitored interfaces goes down for any reason.

2. Also configure Remote link monitoring:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/252877/remote-link-failover

Ahmad

jintrah_FTNT · ‎05-20-2022

Hi Umesh,

Setup looks good to me, you may want to add additional heartbeat port (if any free available port exist on device) for better redundancy.

Best regards,

Jin

AEK · ‎05-20-2022

Agree with Jintrah to add secondary heartbeat, in case one breaks you avoid to have useless split brain.

Optionally you can add monitored interfaces in case you have critical links, e.g. if the primary FGT lost port4 link, the secondary FGT takes over, this will guarantee that your app server is always reachable even if the port4 link breaks on primary FGT.

AEK