Fortinet black logo

Handbook

Troubleshooting virtual clustering

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:291431
Download PDF

Troubleshooting virtual clustering

Troubleshooting virtual clusters is similar to troubleshooting any cluster (see FGCP HA examples). This section describes a few testing and troubleshooting techniques for virtual clustering.

To test the VDOM partitioning configuration

You can do the following to confirm that traffic for different VDOMs will be distributed among both FortiGates in the virtual cluster. These steps assume the cluster is otherwise operating correctly.

  1. Log into the GUI or CLI using the IP addresses of interfaces in each VDOM.

    Confirm that you have logged into the FortiGate that should be processing traffic for that VDOM by checking the HTML title displayed by your web browser or the CLI prompt. Both of these should include the host name of the cluster unit that you have logged into. Also on the system Dashboard, the System Information widget displays the serial number of the FortiGate that you logged into. From the CLI the get system status command displays the status of the cluster unit that you logged into.

  2. To verify that the correct cluster unit is processing traffic for a VDOM:

    • Add security policies to the VDOM that allow communication between the interfaces in the VDOM.
    • Optionally enable traffic logging and other monitoring for that VDOM and these security policies.
    • Start communication sessions that pass traffic through the VDOM.
    • Log into the GUI and go to System > HA. Verify that the statistics display shows more active sessions, total packets, network utilization, and total bytes for the unit that should be processing all traffic for the VDOM.
    • Optionally check traffic logging and the Top Sessions Widget for the FortiGate that should be processing traffic for that VDOM to verify that the traffic is being processed by this FortiGate.

Troubleshooting virtual clustering

Troubleshooting virtual clusters is similar to troubleshooting any cluster (see FGCP HA examples). This section describes a few testing and troubleshooting techniques for virtual clustering.

To test the VDOM partitioning configuration

You can do the following to confirm that traffic for different VDOMs will be distributed among both FortiGates in the virtual cluster. These steps assume the cluster is otherwise operating correctly.

  1. Log into the GUI or CLI using the IP addresses of interfaces in each VDOM.

    Confirm that you have logged into the FortiGate that should be processing traffic for that VDOM by checking the HTML title displayed by your web browser or the CLI prompt. Both of these should include the host name of the cluster unit that you have logged into. Also on the system Dashboard, the System Information widget displays the serial number of the FortiGate that you logged into. From the CLI the get system status command displays the status of the cluster unit that you logged into.

  2. To verify that the correct cluster unit is processing traffic for a VDOM:

    • Add security policies to the VDOM that allow communication between the interfaces in the VDOM.
    • Optionally enable traffic logging and other monitoring for that VDOM and these security policies.
    • Start communication sessions that pass traffic through the VDOM.
    • Log into the GUI and go to System > HA. Verify that the statistics display shows more active sessions, total packets, network utilization, and total bytes for the unit that should be processing all traffic for the VDOM.
    • Optionally check traffic logging and the Top Sessions Widget for the FortiGate that should be processing traffic for that VDOM to verify that the traffic is being processed by this FortiGate.