Article Id
192455
Article
This article has been updated for FortiOS MR4 and to add information about the FortiGate-5005FA2 module. The FortiGate-5020 chassis does not support direct ethernet connections between two or more FortiGate-5020 chassis. To configure HA for FortiGate modules installed in two different FortiGate-5020 chassis you must use one or two of the front panel interfaces of the FortiGate modules as HA heartbeat interfaces. Using two (or more) heartbeat interfaces is recommended for redundancy. The following diagram shows an example of how to connect four FortiGate-5001SX units installed in two FortiGate-5020 chassis to make a cluster of four FortiGate-5001SX units. This example cluster has a relatively basic network configuration. In the configuration, port1 connects to an internal network and port2 connects to the Internet. Port3 to port8 are available to be connected as HA heartbeat interfaces. This example uses port7 and port8 as the HA heartbeat interfaces. Network and HA heartbeat connections
Changing the HA heartbeat interface configurationTo configure FortiGate-5001SX cluster units for HA heartbeat interface connections between modules installed in two FortiGate-5020 chassis, you must change the default FortiGate-5001SX HA heartbeat interface configuration. By default the FortiGate-5001SX HA heartbeat configuration uses port9 and port10 as HA heartbeat interfaces. To configure HA heartbeat interfaces for this example configuration, select port7 and port8 to be HA heartbeat interfaces and set the heartbeat interface priorities of both of these interfaces to 50. You should also unselect port9 and port10. Change the HA heartbeat configuration in the same way for a cluster of four FortiGate-5001FA2 modules. Change the HA heartbeat configuration in the same way for a cluster of four FortiGate-5005FA2 modules (except that in this case you must unselect fabric1 and fabric2). FortiGate-5001SX HA heartbeat interface configuration
|
