Fortinet white logo
Fortinet white logo

Administration Guide

HA active-passive cluster setup

HA active-passive cluster setup

An HA Active-Passive (A-P) cluster can be set up using the GUI or CLI.

This example uses the following network topology:

To set up an HA A-P cluster using the GUI:
  1. Make all the necessary connections as shown in the topology diagram.

  2. Log into one of the FortiGates.

  3. Go to System > HA and set the following options:

    Mode

    Active-Passive

    Device priority

    128 or higher

    Group ID

    1

    Note

    The group ID must be the same in all HA members in order to form a cluster. The group ID can impact the definition of the virtual MAC addresses of interfaces. See Determining VMAC addresses for more details.

    Group name

    Example_cluster

    Password

    ********

    Heartbeat interfaces

    ha1 and ha2

    Except for the device priority, these settings must be the same on all FortiGates in the cluster.

  4. Leave the remaining settings as their default values. They can be changed after the cluster is in operation.

  5. Click OK.

    The FortiGate negotiates to establish an HA cluster. Connectivity with the FortiGate may be temporarily lost as the HA cluster negotiates and the FGCP changes the MAC addresses of the FortiGate's interfaces.

  6. Factory reset the other FortiGate that will be in the cluster, configure GUI access, then repeat steps 1 to 5, omitting setting the device priority, to join the cluster.

To set up an HA A-P cluster using the CLI:
  1. Make all the necessary connections as shown in the topology diagram.

  2. Log into one of the FortiGates.

  3. Change the hostname of the FortiGate:

    config system global
        set hostname Example1_host
    end

    Changing the host name makes it easier to identify individual cluster units in the cluster operations.

  4. Enable HA:

    config system ha
        set mode a-p
        set group-id 1
        set group-name Example_cluster
        set password ********
        set hbdev ha1 10 ha2 20
    end 
  5. Leave the remaining settings as their default values. They can be changed after the cluster is in operation.

  6. Repeat steps 1 to 5 on the other FortiGate devices to join the cluster, giving each device a unique hostname.

HA active-passive cluster setup

HA active-passive cluster setup

An HA Active-Passive (A-P) cluster can be set up using the GUI or CLI.

This example uses the following network topology:

To set up an HA A-P cluster using the GUI:
  1. Make all the necessary connections as shown in the topology diagram.

  2. Log into one of the FortiGates.

  3. Go to System > HA and set the following options:

    Mode

    Active-Passive

    Device priority

    128 or higher

    Group ID

    1

    Note

    The group ID must be the same in all HA members in order to form a cluster. The group ID can impact the definition of the virtual MAC addresses of interfaces. See Determining VMAC addresses for more details.

    Group name

    Example_cluster

    Password

    ********

    Heartbeat interfaces

    ha1 and ha2

    Except for the device priority, these settings must be the same on all FortiGates in the cluster.

  4. Leave the remaining settings as their default values. They can be changed after the cluster is in operation.

  5. Click OK.

    The FortiGate negotiates to establish an HA cluster. Connectivity with the FortiGate may be temporarily lost as the HA cluster negotiates and the FGCP changes the MAC addresses of the FortiGate's interfaces.

  6. Factory reset the other FortiGate that will be in the cluster, configure GUI access, then repeat steps 1 to 5, omitting setting the device priority, to join the cluster.

To set up an HA A-P cluster using the CLI:
  1. Make all the necessary connections as shown in the topology diagram.

  2. Log into one of the FortiGates.

  3. Change the hostname of the FortiGate:

    config system global
        set hostname Example1_host
    end

    Changing the host name makes it easier to identify individual cluster units in the cluster operations.

  4. Enable HA:

    config system ha
        set mode a-p
        set group-id 1
        set group-name Example_cluster
        set password ********
        set hbdev ha1 10 ha2 20
    end 
  5. Leave the remaining settings as their default values. They can be changed after the cluster is in operation.

  6. Repeat steps 1 to 5 on the other FortiGate devices to join the cluster, giving each device a unique hostname.