Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kivoie
New Contributor

HA with different FG configs?

I would like to know if it is possible to have different configurations for FGs in a HA cluster? (eg. different interface IP addresses when they failover). We are running version 6.2.7 on all our FGs. I cannot find any information about my scenario elsewhere.

2 REPLIES 2
emnoc
Esteemed Contributor III

no ,not possible and would not make sense. In a true HA the master/standby are identical

 

Same l3 interface, routes, users,.....it's a direct copy of each other outside of if you have reserverd-dedicate mgmt interfaces

 

[ul]
  • In HA each node needs to be 100% same hardware and fortiosversion[/ul]

     

    You might want to look at VRRP but I would not use VRRP ( cfg sync, session sycn,etc......are not doable )

     

     

    Ken Felix

     

  • PCNSE 

    NSE 

    StrongSwan  

    PCNSE NSE StrongSwan
    hklb
    Contributor II

    kivoie wrote:

    I would like to know if it is possible to have different configurations for FGs in a HA cluster? (eg. different interface IP addresses when they failover). We are running version 6.2.7 on all our FGs. I cannot find any information about my scenario elsewhere.

    Yes, with FGSP : https://docs.fortinet.com...hronization-peer-setup

     

    emnoc wrote:

    no ,not possible and would not make sense. In a true HA the master/standby are identical

     

    Same l3 interface, routes, users,.....it's a direct copy of each other outside of if you have reserverd-dedicate mgmt interfaces

     

    [ul]
  • In HA each node needs to be 100% same hardware and fortiosversion[/ul]

     

    You might want to look at VRRP but I would not use VRRP ( cfg sync, session sycn,etc......are not doable )

     

     

    Ken Felix

     

  • Hi Ken,

     

    cfg sync, session sync, etc.. are doable with VRRP + FGSP.

     

    https://docs.fortinet.com/document/fortigate/6.2.7/cookbook/84777/using-standalone-configuration-syn...

    https://docs.fortinet.com/document/fortigate/6.2.7/cookbook/869218/fgsp-session-synchronization-peer...

     

    Regards

     

    Lucas

    Announcements

    Select Forum Responses to become Knowledge Articles!

    Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

    Labels
    Top Kudoed Authors