- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HA on FortiGate-VM under Hyper-V
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
The same thing is happening to me, did you find the solution?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @amg7 ,
If you want to use HA on Hyper-V you need to do additional configuration.
You can review this document about Configuring HA on Hyper-V.
NSE 4-5-6-7 OT Sec - ENT FW
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @ozkanaltas
Do the unicast settings need to be configured?
config system ha
set unicast-hb {enable/disable}
set unicast-hb-peerip {Peer heartbeat interface IP address}
end
is there an additional option for these settings in hyperV?
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @amg7 ,
It's up to your choice. If you want to use unicast, you need to enter these commands. However, if you want to use anycast, the "Mac address spoofing" setting must be supported and turned on in the interfaces on Hyper-V.
For FortiGate-VMs to support a broadcast HA heartbeat configuration, you must configure the virtual switches that connect heartbeat interfaces to support MAC address spoofing.
In addition, you must configure the VM platform to allow MAC address spoofing for the FortiGate-VM data interfaces. This is required because in broadcast mode, the FGCP applies virtual MAC addresses to FortiGate data interfaces, and these virtual MAC addresses mean that matching interfaces of the FortiGate-VM instances in the cluster have the same virtual MAC addresses.
NSE 4-5-6-7 OT Sec - ENT FW
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @ozkanaltas
I configured MAC address spoofing on all the Hyper-V interfaces but it is very strange I have GUI access to the secondary forti but not to the primary, the HA cluster is not established, it is as if they do not see each other. Can you think of anything?
Thanks
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @amg7 ,
Are your HA heartbeat interfaces in the same network, right?
Also, you can try with unicast mode.
NSE 4-5-6-7 OT Sec - ENT FW
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, and I ping from one to the other. I have tried unicast and the same thing happens. I don't know what else to try
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Normally you should not configure anything to this interface.
Did you do this just for testing?
NSE 4-5-6-7 OT Sec - ENT FW
