FortiGate
epiquette
Staff
Article Id 191959

Description

 

This article describes the basic HA setup.

 

Scope

 

FortiGate.

 

Solution

 

The conditions for configuring HA are as follows:

  • Devices must be of the same model.
  • Devices must have the same Firmware version.
  • The same licenses must be applied to all devices on the cluster.

Note: If the licenses are not the same on both FortiGates, the lowest license level between the two will apply. For example, if one FortiGate has Advanced Malware Protection and the other one does not, the HA cluster will not have Advanced Malware Protection.

 

Settings are synchronized between the devices that are part of the HA cluster, except for a few items such as the hostname, HA-related settings such as the priority, and management interface settings.

 

The steps below cover only the basic setup of HA.

  1. Configure the Master device with all the correct configurations. If a backup configuration is available and it was taken on the same firmware that is running on the unit, it can be restored on the device. If you do not have a backup file, skip this step.

 

  2. Set up the HA configuration on the Master as follows using the CLI:

config global
    config system ha
        set mode {a-a / a-p}
        set group-name <name>
        set group-id <ID>    <- 'Changing the group name and group ID is recommended in case other HA setups are found on the same network.'
        set password <password>
        set hbdev <"interface name"> <integer>    <- 'This line is where the heartbeat interfaces are indicated.'
        set priority <priority>
    end
end
 

  3. Make sure that the Slave has no configurations applied. This can be achieved by executing the command 'exec factoryreset'.
  4. Set up the HA configuration on the Slave. Make sure that the priority is lower than that of the Master unit. The other HA parameters should match.

 
config global
    config system ha
        set mode {a-a / a-p}
        set group-name <name>
        set group-id <ID>    <- 'Changing the group name and group ID is recommended in case other HA setups are found on the same network.'
        set password <password>
        set hbdev <"interface name"> <integer>    <- 'This line is where the heartbeat interfaces are indicated.'
        set priority <priority>
    end
end
 

  5. Once this is done, shut down the Slave, then connect the heartbeat cable(s) to the interface(s) indicated in the HA configuration, along with all the other cables, including the internal and external network cable(s).

  6. Power on the Slave and give it a few minutes to synchronize. Synchronization can take some time depending on the configuration.
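
A pre-cabling check for step 4, as an added example that is not part of the original article or Fortinet's tooling: it parses the 'config system ha' block typed on each unit and reports any setting that should match but does not, or a Slave priority that is not lower than the Master's. The sample values (HA-LAB, group-id 17, port3/port4) and the function names are constructed for illustration; the password is not compared because this sketch assumes it cannot be read back in plain text from a saved configuration.

```python
import re

# Constructed sample (placeholder values, not from the article).
PRIMARY_CFG = """\
config global
    config system ha
        set mode a-p
        set group-name "HA-LAB"
        set group-id 17
        set hbdev "port3" 50 "port4" 50
        set priority 200
    end
end
"""
SECONDARY_CFG = PRIMARY_CFG.replace("set priority 200", "set priority 100")
MUST_MATCH = ("mode", "group-name", "group-id", "hbdev")  # password not compared


def parse_ha(cfg_text):
    """Return {setting: value} for the 'config system ha' block."""
    block = re.search(r"config system ha\n(.*?)\n\s*end\b", cfg_text, re.S)
    body = block.group(1) if block else ""
    pairs = re.findall(r"^\s*set\s+(\S+)\s+(.+?)\s*$", body, re.M)
    return {key: value.replace('"', "") for key, value in pairs}


def check_pair(primary_text, secondary_text):
    """List mismatches against the requirements stated in step 4."""
    pri, sec = parse_ha(primary_text), parse_ha(secondary_text)
    problems = []
    for key in MUST_MATCH:
        if pri.get(key) != sec.get(key):
            problems.append(f"{key} differs: {pri.get(key)!r} vs {sec.get(key)!r}")
    prios = (pri.get("priority", ""), sec.get("priority", ""))
    if not all(p.isdigit() for p in prios):
        problems.append("priority is missing or not numeric on one unit")
    elif int(prios[1]) >= int(prios[0]):
        problems.append("secondary priority is not lower than the primary's")
    return problems


if __name__ == "__main__":
    print(check_pair(PRIMARY_CFG, SECONDARY_CFG) or "HA settings are consistent")
```
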

 

Related documentation:

HA active-passive cluster setup.
Technical Tip: Rebuilding an HA cluster.