Fortinet white logo
Fortinet white logo

Administration Guide

HA active-active cluster setup

HA active-active cluster setup

An HA Active-Active (A-A) cluster can be set up using the GUI or CLI.

Note

FGCP in Active-Active mode cannot load balance any sessions that traverse NPU VDOM links or regular VDOM links. If Active-Active session load balancing between VDOMs is required, use an external router to handle the inter-VDOM routing.

This example uses the following network topology:

To set up an HA A-A cluster using the GUI:
  1. Make all the necessary connections as shown in the topology diagram.
  2. Log into one of the FortiGates.
  3. Go to System > HA and set the following options:

    Mode

    Active-Active

    Device priority

    128 or higher

    Group name

    Example_cluster

    Heartbeat interfaces

    ha1 and ha2

    Except for the device priority, these settings must be the same on all FortiGates in the cluster.

  4. Leave the remaining settings as their default values. They can be changed after the cluster is in operation.
  5. Click OK.

    The FortiGate negotiates to establish an HA cluster. Connectivity with the FortiGate may be temporarily lost as the HA cluster negotiates and the FGCP changes the MAC addresses of the FortiGate's interfaces.

  6. Factory reset the other FortiGate that will be in the cluster, configure GUI access, then repeat steps 1 to 5, omitting setting the device priority, to join the cluster.
To set up an HA A-A cluster using the CLI:
  1. Make all the necessary connections as shown in the topology diagram.
  2. Log into one of the FortiGates.
  3. Change the hostname of the FortiGate:
    config system global
        set hostname Example1_host
    end

    Changing the host name makes it easier to identify individual cluster units in the cluster operations.

  4. Enable HA:
    config system ha
        set mode a-a
        set group-name Example_cluster
        set hbdev ha1 10 ha2 20
    end 
  5. Leave the remaining settings as their default values. They can be changed after the cluster is in operation.
  6. Repeat steps 1 to 5 on the other FortiGate devices to join the cluster.

HA active-active cluster setup

HA active-active cluster setup

An HA Active-Active (A-A) cluster can be set up using the GUI or CLI.

Note

FGCP in Active-Active mode cannot load balance any sessions that traverse NPU VDOM links or regular VDOM links. If Active-Active session load balancing between VDOMs is required, use an external router to handle the inter-VDOM routing.

This example uses the following network topology:

To set up an HA A-A cluster using the GUI:
  1. Make all the necessary connections as shown in the topology diagram.
  2. Log into one of the FortiGates.
  3. Go to System > HA and set the following options:

    Mode

    Active-Active

    Device priority

    128 or higher

    Group name

    Example_cluster

    Heartbeat interfaces

    ha1 and ha2

    Except for the device priority, these settings must be the same on all FortiGates in the cluster.

  4. Leave the remaining settings as their default values. They can be changed after the cluster is in operation.
  5. Click OK.

    The FortiGate negotiates to establish an HA cluster. Connectivity with the FortiGate may be temporarily lost as the HA cluster negotiates and the FGCP changes the MAC addresses of the FortiGate's interfaces.

  6. Factory reset the other FortiGate that will be in the cluster, configure GUI access, then repeat steps 1 to 5, omitting setting the device priority, to join the cluster.
To set up an HA A-A cluster using the CLI:
  1. Make all the necessary connections as shown in the topology diagram.
  2. Log into one of the FortiGates.
  3. Change the hostname of the FortiGate:
    config system global
        set hostname Example1_host
    end

    Changing the host name makes it easier to identify individual cluster units in the cluster operations.

  4. Enable HA:
    config system ha
        set mode a-a
        set group-name Example_cluster
        set hbdev ha1 10 ha2 20
    end 
  5. Leave the remaining settings as their default values. They can be changed after the cluster is in operation.
  6. Repeat steps 1 to 5 on the other FortiGate devices to join the cluster.