I have 3 sites and 6 FAC vms , 2 fac in HA(active-passive) in each site is deployed. one site will be primary and other two will be secondary. can we syn config of primary site with other two site in this setup?
Solved! Go to Solution.
Hi Debbie,
Thanks for your effort. 
please help me to understand the traffic handling, can i route the traffic to loadbalancer node  manually while active primary is still alive.
I think you need to configure them all as active-active Geo cluster, with a load balancer in which you just configure the LB rule you need.
can i make HA(active-passive) cluster as a loadbalancer?
Hey magarm,
in a load-balancing FortiAuthenticator cluster you can have an active-passive cluster as primary, but the actual load-balancing nodes must be standalone FortiAuthenticators, not active-passive pairs.
You can have up to ten load-balancing nodes linked to the same primary, and the primary can be an active-passive pair, so you could in theory have two separate load-balancing nodes at each site.
Please note there is no failover or promotion mechanism in a load-balancing cluster, and while most configuration can be synced, not all of it will be.
A bit of info on load-balancing setups: https://community.fortinet.com/t5/FortiAuthenticator/Technical-Tip-How-to-configure-FortiAuthenticat...
Cheers,
Debbie
Hi Debbie,
Thanks for your effort. 
please help me to understand the traffic handling, can i route the traffic to loadbalancer node  manually while active primary is still alive.
There is no "traffic routing" here.
For example if you are using RADIUS client (NAS), it depends on how you configure it, you can configure 1st FAC as primary RADIUS and 2nd FAC as secondary, so the RADIUS client will send the request to the 1st FAC, and in case it doesn't respond (down), the client will then automatically send to the second.
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2677 | |
| 1412 | |
| 810 | |
| 703 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.