Created on 12-13-2004 12:00 AM Edited on 11-18-2022 02:38 AM By Jean-Philippe_P
Description
This article describes how FortiGate HA works with dynamic interface addressing (DHCP, PPPoE).
Scope
FortiGate.
Solution
FortiGate HA compatibility with DHCP and PPPoE:
DHCP and PPPoE Support for Active-Passive Mode.
FortiGate HA with firmware V5.2.0 or later is now compatible with DHCP and PPPoE, but care should be taken when configuring a cluster that includes a FortiGate interface configured to get its IP address with DHCP or PPPoE.
Fortinet recommends turning on DHCP or PPPoE addressing for an interface after the cluster has been configured.
If an interface is configured for DHCP or PPPoE, turning on high availability may result in the interface receiving an incorrect address or not being able to connect to the DHCP or PPPoE server correctly.
On V5.0 and earlier versions:
If any of the FortiGate interfaces have DHCP or PPPoE enabled, HA cannot be enabled or vice versa.
Case 1) DHCP is already enabled on the interface and HA is to be enabled:
From the GUI, when the mode is changed from Standalone to a-p or a-a and 'Apply' is selected, HA mode will switch back to standalone without any error.
From the CLI, the only mode available under HA is 'standalone', which means that HA is not supported.
FGT1KD-2 (ha) # set mode
standalone Standalone mode.
The system may run in HA A-A or HA A-P mode only when all interfaces are NOT using DHCP/PPPoE as an addressing mode.
Case 2) If HA is already enabled in a-p or a-a mode and the mode of the interface is then changed from manual to DHCP or PPPoE, the error 'Cannot set mode to DHCP or PPPoE when HA is on' will appear.
On FortiOS 5.6 and Above:
In HA A-P mode, when the Interface mode is changed from Manual to PPPoE/DHCP, the Interface mode will switch without any error.
In HA A-A mode, configuring an interface with mode 'PPPoE' and 'DHCP' is not supported; attempting to change the mode from Manual to PPPoE/DHCP would result in the error 'Cannot set mode to 'PPPoE' while HA is in Active-Active mode'.
Error In CLI:
# set mode pppoe
Cannot set mode to 'PPPoE' when HA is in Active-Active mode
node_check_object fail! for mode pppoe
value parse error before 'pppoe'
Command fail. Return code -217
Error In GUI:
If a standalone device has an interface with PPPoE or DHCP enabled and its HA mode is to be changed, the option to configure HA A-A mode will be unavailable, and only HA A-P mode will be allowed.
In CLI:
(ha) # set mode
standalone Standalone mode.
a-p Active-passive mode.
In GUI:
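The rules in this article can be checked against a configuration backup before HA or interface addressing is changed. The Python code below is an added example, not Fortinet code: the function names and the sample configuration are constructed for illustration, and it assumes A-A with DHCP/PPPoE is unsupported on every version (the article states this explicitly for 5.6 and above).

```python
DYNAMIC = {"dhcp", "pppoe"}

# Constructed sample in FortiOS CLI syntax (not taken from a real device).
SAMPLE = """\
config system interface
    edit "wan1"
        set mode pppoe
    next
    edit "port2"
        set ip 10.0.0.1 255.255.255.0
    next
end
config system ha
    set mode a-a
end
"""

def parse(config_text):
    """Return (ha_mode, {interface: addressing_mode}) from CLI config text."""
    ha_mode, ifaces, stack, current = "standalone", {}, [], None
    for tok in (l.split() for l in config_text.splitlines() if l.strip()):
        block = stack[-1] if stack else None  # innermost open 'config' block
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] == "edit" and block == "system interface":
            current = " ".join(tok[1:]).strip('"')
            ifaces[current] = "static"  # mode when no 'set mode' line is present
        elif tok[:2] == ["set", "mode"] and len(tok) == 3:
            if block == "system ha":
                ha_mode = tok[2]
            elif block == "system interface" and current:
                ifaces[current] = tok[2]
    return ha_mode, ifaces

def check(config_text, version):
    """List conflicts for a FortiOS (major, minor) version, e.g. (5, 6)."""
    ha_mode, ifaces = parse(config_text)
    if ha_mode == "standalone" or (ha_mode == "a-p" and version >= (5, 2)):
        return []  # standalone, or a-p on 5.2.0 or later
    reason = ("HA cannot be combined with DHCP/PPPoE before 5.2.0" if version < (5, 2)
              else "DHCP/PPPoE is not supported in active-active HA")
    return [f"{n} ({m}): {reason}" for n, m in sorted(ifaces.items()) if m in DYNAMIC]

if __name__ == "__main__":
    print(check(SAMPLE, (5, 6)))
```

An empty list means the combination of HA mode, interface addressing and version is one the article describes as accepted.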