Troubleshooting the initial cluster configuration

This section describes how to check a cluster when it first starts up to make sure that it is configured and operating correctly. This section assumes you have already configured your HA cluster and it appears to be up and running normally.

To verify that a cluster can process traffic and react to a failure:
  1. Add a basic security policy configuration and send network traffic through the cluster to confirm connectivity.

    For example, if the cluster is installed between the Internet and an internal network, set up a basic internal-to-external security policy that accepts all traffic. Then, from a PC on the internal network, browse to a website on the Internet or ping a server on the Internet to confirm connectivity.

  2. From your management PC, continuously ping the cluster and then start a large download or use another way to establish ongoing traffic through the cluster.
  3. While traffic is going through the cluster, disconnect the power from one of the cluster units. You could also shut down or restart a cluster unit. Traffic should continue with minimal interruption.
  4. Start up or reconnect the cluster unit that you disconnected. The FortiGate should re-join the cluster with little or no effect on traffic.
  5. Disconnect a cable from one of the HA heartbeat interfaces. The cluster should keep functioning using the other heartbeat interface.
  6. If you have port monitoring enabled, disconnect a network cable from a monitored interface. Traffic should continue with minimal interruption.
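To put a number on "minimal interruption" in steps 2 through 6, the continuous ping can be logged and checked for gaps afterwards. The script below is an added example, not part of the Fortinet documentation: it assumes the ping was captured on a Linux management PC with `ping -D` (timestamped replies, one probe per second), the `max_lost` threshold is an assumed acceptance value, and the sample log is constructed.

```python
import re

# Reply lines from Linux `ping -D`:
#   [epoch.usec] 64 bytes from <addr>: icmp_seq=N ttl=T time=X ms
# Error lines ("Destination Host Unreachable") carry no time= and are skipped.
REPLY = re.compile(r"^\[(\d+\.\d+)\].*\bicmp_seq=(\d+)\b.*\btime=")

def parse_replies(ping_output):
    """Return sorted (icmp_seq, timestamp) pairs for every answered probe."""
    replies = []
    for line in ping_output.splitlines():
        m = REPLY.match(line.strip())
        if m:
            replies.append((int(m.group(2)), float(m.group(1))))
    return sorted(replies)

def find_outages(ping_output, interval=1.0):
    """Report each run of unanswered probes between two answered ones."""
    replies = parse_replies(ping_output)
    outages = []
    for (prev_seq, prev_ts), (seq, ts) in zip(replies, replies[1:]):
        lost = seq - prev_seq - 1  # <= 0 for consecutive or duplicate replies
        if lost > 0:
            outages.append({
                "first_lost_seq": prev_seq + 1,
                "last_lost_seq": seq - 1,
                "lost": lost,
                # Time without replies beyond the normal probe interval.
                "seconds": round(ts - prev_ts - interval, 3),
            })
    return outages

def failover_ok(ping_output, max_lost=3):
    """True if replies were seen and no outage exceeded max_lost probes.
    max_lost is an assumed threshold; the procedure gives no figure.
    Loss that never recovers before the log ends is not detected here."""
    if not parse_replies(ping_output):
        return False
    return all(o["lost"] <= max_lost for o in find_outages(ping_output))

# Constructed sample: probes 4-6 lost while a cluster unit was powered off.
SAMPLE = """
[1700000000.100000] 64 bytes from 192.0.2.1: icmp_seq=1 ttl=255 time=0.412 ms
[1700000001.100000] 64 bytes from 192.0.2.1: icmp_seq=2 ttl=255 time=0.398 ms
[1700000002.100000] 64 bytes from 192.0.2.1: icmp_seq=3 ttl=255 time=0.405 ms
[1700000006.100000] 64 bytes from 192.0.2.1: icmp_seq=7 ttl=255 time=0.611 ms
[1700000007.100000] 64 bytes from 192.0.2.1: icmp_seq=8 ttl=255 time=0.402 ms
"""

if __name__ == "__main__":
    for outage in find_outages(SAMPLE):
        print(outage)
    print("within threshold:", failover_ok(SAMPLE))
```

Run the same check on a separate log for each failure step (power loss, rejoin, heartbeat cable, monitored interface) so each outage can be attributed to the action that caused it.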
