Fortinet black logo

Cookbook

Preparing the FortiGates

Copy Link
Copy Doc ID 4d801240-7ccc-11e9-81a4-00505692583a:513562
Download PDF

Preparing the FortiGates

  1. If required, upgrade the firmware running on the FortiGates. All FortiGates must be running the same version of FortiOS.
  2. If this is a new FortiGate that has never been used, you can skip this step.

    Reset the backup FortiGate to factory default settings using the following CLI command:

    execute factoryreset

  3. In some cases, after resetting to factory defaults, you might want to make some initial configuration changes to connect the FortiGates to the network. In this example, the LAN switch on the FortiGate-51Es was converted to separate lan1 to lan5 interfaces.
  4. On the primary FortiGate, go to System > Settings and change the Host name to identify this as the primary FortiGate in the HA cluster.

  5. On the backup FortiGate, go to System > Settings and change the Host name to identify this as Backup-1.

  6. On the third FortiGate, go to System > Settings and change the Host name to identify this as Backup-2.

  7. On the fourth FortiGate, go to System > Settings and change the Host name to identify this as Backup-3.

    You can also use the CLI to change the host name. From the Primary FortiGate:

    config system global

    set hostname Primary

    end

    From the Backup-1 FortiGate:

    config system global

    set hostname Backup-1

    end

    From the Backup-2 FortiGate:

    config system global

    set hostname Backup-2

    end

    From the Backup-3 FortiGate:

    config system global

    set hostname Backup-3

    end

  8. Register and apply licenses to the primary FortiGate before configuring it for HA operation. This includes licensing for FortiCare Support, IPS, AntiVirus, Web Filtering, Mobile Malware, FortiClient, FortiCloud, and additional virtual domains (VDOMs).

    All FortiGates in the cluster must have the same level of licensing for FortiGuard, FortiCloud, FortiClient, and VDOMs. You can add FortiToken licenses at any time because they're synchronized with all cluster members.

    Note

    If the FortiGates in the cluster will run FortiOS Carrier, apply the FortiOS Carrier license before you apply other licenses and before you configure the cluster. When you apply the FortiOS Carrier license, the FortiGate resets its configuration to factory defaults, requiring you to repeat steps performed before applying the license.

Preparing the FortiGates

  1. If required, upgrade the firmware running on the FortiGates. All FortiGates must be running the same version of FortiOS.
  2. If this is a new FortiGate that has never been used, you can skip this step.

    Reset the backup FortiGate to factory default settings using the following CLI command:

    execute factoryreset

  3. In some cases, after resetting to factory defaults, you might want to make some initial configuration changes to connect the FortiGates to the network. In this example, the LAN switch on the FortiGate-51Es was converted to separate lan1 to lan5 interfaces.
  4. On the primary FortiGate, go to System > Settings and change the Host name to identify this as the primary FortiGate in the HA cluster.

  5. On the backup FortiGate, go to System > Settings and change the Host name to identify this as Backup-1.

  6. On the third FortiGate, go to System > Settings and change the Host name to identify this as Backup-2.

  7. On the fourth FortiGate, go to System > Settings and change the Host name to identify this as Backup-3.

    You can also use the CLI to change the host name. From the Primary FortiGate:

    config system global

    set hostname Primary

    end

    From the Backup-1 FortiGate:

    config system global

    set hostname Backup-1

    end

    From the Backup-2 FortiGate:

    config system global

    set hostname Backup-2

    end

    From the Backup-3 FortiGate:

    config system global

    set hostname Backup-3

    end

  8. Register and apply licenses to the primary FortiGate before configuring it for HA operation. This includes licensing for FortiCare Support, IPS, AntiVirus, Web Filtering, Mobile Malware, FortiClient, FortiCloud, and additional virtual domains (VDOMs).

    All FortiGates in the cluster must have the same level of licensing for FortiGuard, FortiCloud, FortiClient, and VDOMs. You can add FortiToken licenses at any time because they're synchronized with all cluster members.

    Note

    If the FortiGates in the cluster will run FortiOS Carrier, apply the FortiOS Carrier license before you apply other licenses and before you configure the cluster. When you apply the FortiOS Carrier license, the FortiGate resets its configuration to factory defaults, requiring you to repeat steps performed before applying the license.