Cluster setup
HA active-passive cluster setup
An HA Active-Passive (A-P) cluster can be set up using the GUI or CLI.
This example uses the following network topology:
To set up an HA A-P cluster using the GUI:
- Make all the necessary connections as shown in the topology diagram.
- Log into one of the FortiGates.
- Go to System > HA and set the following options:
| Mode | Active-Passive |
| Device priority | 128 or higher |
| Group name | Example_cluster |
| Heartbeat interfaces | ha1 and ha2 |
Except for the device priority, these settings must be the same on all FortiGates in the cluster.
- Leave the remaining settings as their default values. They can be changed after the cluster is in operation.
- Click OK.
The FortiGate negotiates to establish an HA cluster. Connectivity with the FortiGate may be temporarily lost as the HA cluster negotiates and the FGCP changes the MAC addresses of the FortiGate’s interfaces.
- Factory reset the other FortiGate that will be in the cluster, configure GUI access, then repeat steps 1 to 5, omitting setting the device priority, to join the cluster.
To set up an HA A-P cluster using the CLI:
- Make all the necessary connections as shown in the topology diagram.
- Log into one of the FortiGates.
- Change the hostname of the FortiGate:
config system global set hostname Example1_host
end
Changing the host name makes it easier to identify individual cluster units in the cluster operations.
- Enable HA:
config system ha set mode a-p
set group-name Example_cluster
set hbdev ha1 10 ha2 20 end
- Leave the remaining settings as their default values. They can be changed after the cluster is in operation.
- Repeat steps 1 to 5 on the other FortiGate devices to join the cluster.
HA active-active cluster setup
An HA Active-Active (A-A) cluster can be set up using the GUI or CLI.
This example uses the following network topology:
To set up an HA A-A cluster using the GUI:
- Make all the necessary connections as shown in the topology diagram.
- Log into one of the FortiGates.
- Go to System > HA and set the following options:
| Mode | Active-Active |
| Device priority | 128 or higher |
| Group name | Example_cluster |
| Heartbeat interfaces | ha1 and ha2 |
Except for the device priority, these settings must be the same on all FortiGates in the cluster.
- Leave the remaining settings as their default values. They can be changed after the cluster is in operation.
- Click OK.
The FortiGate negotiates to establish an HA cluster. Connectivity with the FortiGate may be temporarily lost as the HA cluster negotiates and the FGCP changes the MAC addresses of the FortiGate’s interfaces.
- Factory reset the other FortiGate that will be in the cluster, configure GUI access, then repeat steps 1 to 5, omitting setting the device priority, to join the cluster.
To set up an HA A-P cluster using the CLI:
- Make all the necessary connections as shown in the topology diagram.
- Log into one of the FortiGates.
- Change the hostname of the FortiGate:
config system global set hostname Example1_host
end
Changing the host name makes it easier to identify individual cluster units in the cluster operations.
- Enable HA:
config system ha set mode a-a
set group-name Example_cluster
set hbdev ha1 10 ha2 20 end
- Leave the remaining settings as their default values. They can be changed after the cluster is in operation.
- Repeat steps 1 to 5 on the other FortiGate devices to join the cluster.
HA virtual cluster setup
An HA virtual cluster can be set up using the GUI or CLI.
To set up an HA virtual cluster using the GUI:
- Make all the necessary connections as shown in the topology diagram.
- Log into one of the FortiGates.
- Go to System > HA and set the following options:
| Mode | Active-Passive |
| Device priority | 128 or higher |
| Group name | Example_cluster |
| Heartbeat interfaces | ha1 and ha2 |
Except for the device priority, these settings must be the same on all FortiGates in the cluster.
- Leave the remaining settings as their default values. They can be changed after the cluster is in operation.
- Click OK.
The FortiGate negotiates to establish an HA cluster. Connectivity with the FortiGate may be temporarily lost as the HA cluster negotiates and the FGCP changes the MAC addresses of the FortiGate’s interfaces.
- Factory reset the other FortiGate that will be in the cluster, configure GUI access, then repeat steps 1 to 5, omitting setting the device priority, to join the cluster.
- Go to System > Settings and enable Virtual Domains.
- Click Apply. You will be logged out of the FortiGate.
- Log back into the FortiGate, ensure that you are in the global VDOM, and go to System > VDOM.
- Create two new VDOMs, such as VD1 and VD2:
- Click Create New. The New Virtual Domain page opens.
- Enter a name for the VDOM in the Virtual Domain field, then click OK to create the VDOM.
- Repeat these steps to create a second new VDOM.
- Implement a virtual cluster by moving the new VDOMs to Virtual cluster2:
- Go to System > HA.
- Enable VDOM Partitioning.
- Click on the Virtual cluster2 field and select the new VDOMs.
- Click OK.
To set up an HA virtual cluster using the CLI:
- Make all the necessary connections as shown in the topology diagram.
- Set up a regular A-P cluster. See HA active-passive cluster setup on page 212.
- Enable VDOMs:
config system global set vdom-mode multi-vdom
end
You will be logged out of the FortiGate.
- Create two VDOMs:
config vdom edit VD1 next edit VD2 next
end
- Reconfigure the HA settings to be a virtual cluster:
config global config system ha set vcluster2 enable config secondary-vcluster set vdom “VD1” “VD2”
end
end end
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!