Move HA from Active-Passive to Active-Active

keithnet · ‎08-14-2012

Hey, I need to change my HA configuration but can' t seem to find documentation for this. Can I just flip the switch to active active and both units in the HA figure it out? Or do I need to disable HA and reset it up?

rwpatterson · ‎08-14-2012

Well, if you disable A-P, then you have 2 firewalls. Simply set them up as A-A, making sure that the primary has the higher priority, or the bogus settings from the backup unit will overwrite the good one.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Zeihold_von_SSL · ‎08-14-2012

No you can just change the ha config via gui. But you may have a look at the ha guide provided by fortinet: http://docs.fortinet.com/fgt/handbook/40mr3/fortigate-ha-40-mr3.pdf You also may loose connection (a short interrupt) while the cluster changes its state from a-p to a-a. We have done this about 9 moths ago. I don' t rember anything special.

Regards Rene ---

[size="1"]FCNSA.v5, FCNSP.v5, FCESP[/size]

Home: FWF60D FortiAP 220B Office: FWF60C, FWF60D, FGT110C, FGT200B, FortiManager, FortiAnalyzer, FortiAP 220B

keithnet · ‎08-15-2012

Excellent. Thank you for the reply!

emnoc · ‎08-16-2012

Just remember in a cluster the HA priority needs to be review. Also keep in mind the priority FW handles all broadcast, icmp and udp traffic. You can add numerous secondareis firewalls into the cluster to distribute load-balancing and other functions. just make sure ; you have redundant HA links and the same model with same code

PCNSE

NSE

StrongSwan

Move HA from Active-Passive to Active-Active

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website