Fortinet black logo

Session-Aware Load Balancing Cluster Guide

Configuring the FortiController

5.2.10
Copy Link
Copy Doc ID 31a89d05-200d-11e9-b6f6-f8bc1258b856:587850
Download PDF

Configuring the FortiController

  1. Connect to the FortiController GUI (using HTTPS) or CLI (using SSH) using the default IP address 192.168.1.99.

    Or connect to the FortiController CLI through the console port (Baud Rate 9600bps, Data bits 8, Parity None, Stop bits 1, and Flow Control None).

  2. Login using the admin administrator account and no password.
  3. Add a password for the admin administrator account. From the GUI use the Administrators widget or from the CLI enter this command.

    config admin user

    edit admin

    set password <password>

    end

  4. Change the FortiController mgmt interface IP address.

    From the GUI use the Management Port widget or from the CLI enter this command:

    config system interface

    edit mgmt

    set ip 172.20.120.151/24

    end

  5. If you need to add a default route for the management IP address, enter this command.

    config route static

    edit route 1

    set gateway 172.20.120.2

    end

  6. Set the chassis type that you are using, for example:

    config system global

    set chassis-type fortigate-5140

    end

  7. From the GUI, go to Load Balance > Config to add the workers to the cluster by selecting Edit and moving the slots that contain workers to the Members list.

    The Config page shows the slots in which the cluster expects to find workers. Since the workers have not been configured yet their status is Down.

    Configure the External Management IP/Netmask. Once you have connected workers to the cluster, you can use this IP address to manage and configure them.

    You can also enter the following CLI command to add slots 3, 4, and 5 to the cluster:

    config load-balance setting

    config slots

    edit 3

    next

    edit 4

    next

    edit 5

    end

    end

    You can also use the following CLI command to configure the external management IP/Netmask and management access to this address:

    config load-balance setting

    set base-mgmt-external-ip 172.20.120.100 255.255.255.0

    set base-mgmt-allowaccess https ssh ping

    end

Configuring the FortiController

  1. Connect to the FortiController GUI (using HTTPS) or CLI (using SSH) using the default IP address 192.168.1.99.

    Or connect to the FortiController CLI through the console port (Baud Rate 9600bps, Data bits 8, Parity None, Stop bits 1, and Flow Control None).

  2. Login using the admin administrator account and no password.
  3. Add a password for the admin administrator account. From the GUI use the Administrators widget or from the CLI enter this command.

    config admin user

    edit admin

    set password <password>

    end

  4. Change the FortiController mgmt interface IP address.

    From the GUI use the Management Port widget or from the CLI enter this command:

    config system interface

    edit mgmt

    set ip 172.20.120.151/24

    end

  5. If you need to add a default route for the management IP address, enter this command.

    config route static

    edit route 1

    set gateway 172.20.120.2

    end

  6. Set the chassis type that you are using, for example:

    config system global

    set chassis-type fortigate-5140

    end

  7. From the GUI, go to Load Balance > Config to add the workers to the cluster by selecting Edit and moving the slots that contain workers to the Members list.

    The Config page shows the slots in which the cluster expects to find workers. Since the workers have not been configured yet their status is Down.

    Configure the External Management IP/Netmask. Once you have connected workers to the cluster, you can use this IP address to manage and configure them.

    You can also enter the following CLI command to add slots 3, 4, and 5 to the cluster:

    config load-balance setting

    config slots

    edit 3

    next

    edit 4

    next

    edit 5

    end

    end

    You can also use the following CLI command to configure the external management IP/Netmask and management access to this address:

    config load-balance setting

    set base-mgmt-external-ip 172.20.120.100 255.255.255.0

    set base-mgmt-allowaccess https ssh ping

    end