acvaldez
Staff
Staff
Description
This article describes how to establish an ACTIVE – PASSIVE FortiAuthenticator cluster member with load-balancing slave.
Solution
PRIMARY FortiAuthenticator has management interface IP of             10.176.1.104 gateway is 10.176.2.86.
SECONDARY FortiAuthenticator has management interface IP of        10.47.6.89 gateway is 10.47.7.254.
LOAD BALANCING SLAVE IP                                                            10.176.2.100 gateway is 10.176.2.86.


Primary FortiAuthenticator configuration.

High Availability Settings:




Secondary FortiAuthenticator configuration.

High Availability Settings:




Static Route configuration:
- Main use of the static route here is because it is necessary  to make sure that the primary and secondary FortiAuthenticator will reach the Load Balancing slave via management interface.
- Just configure this on Primary FortiAuthenticator and it will sync that route configuration to secondary FortiAuthenticator.




Load Balancing Slave FortiAuthenticator configuration.

High Availability Settings:
- It is necessary to configure here the management IP address of the PRIMARY FortiAuthenticator. 
- And after that it will automatically detect the management IP address of the SECONDARY FortiAuthenticator.




Static Route configuration:
- Static route is needed for the load balancing slave to reach the management IP address of the FortiAuthenticator PRIMARY and SECONDARY.




Result.
- The Load Balancing Slave is now communicating and syncing successfully with PRIMARY Fortiauthenticator
- Then ones the Primary FortiAuthenticator is down, the Load Balancing Slave is connected with Secondary FortiAuthenticator.



Contributors