Fortinet black logo

Administration Guide

Home FortiPortal 7.0.3 Administration Guide
7.0.3
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.0.15
6.0.14
6.0.13
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.3.8
5.3.7
5.3.6
5.3.5
5.3.4
5.3.3
5.3.2
5.3.0
5.2.0
4.1.0
4.0.3
4.0.2
4.0.1
4.0.0

Scalable cluster

Scalable cluster

Use this feature only if you are certain that a scalable cluster is required. Once a cluster has been set up it cannot be deleted.

When a FortiPortal instance is used to set up a new cluster or a FortiPortal instance joins an existing cluster, the FortiPortal instance can no longer be a standalone FortiPortal.

All existing data from the secondary instances is deleted.

In the Scalable Cluster tab, you can configure a FortiPortal cluster.

A cluster consists of a primary unit and two or more standby secondary units. A minimum of three units is required to set up a cluster. If the primary unit becomes unavailable, one of the standby secondaries will become the new primary.

In a FortiPortal cluster, the license limit is the combined license limit of all the FortiPortal instances in a cluster.

Scalable clusters have the following benefits:

  • All the instances are active in a cluster and can serve requests in parallel.

  • Data can be synchronized across all cluster members in real-time. When options are updated in a primary unit, the changes are applied to all the secondary units in the cluster.

  • The cluster can be scaled horizontally by adding new FortiPortal instances.

  • The built-in load balancer is available to distribute loads across all instances in a cluster.

The following roles are available:

  • Primary: The FortiPortal is the primary in a high-availability cluster.

  • Secondary: The FortiPortal is a secondary in a high-availability cluster.

  • Standalone: The FortiPortal is independent of a high-availability cluster. This is the default setting. Use it if you intend to keep the FortiPortal instance independent of a cluster.

To set up a FortiPortal cluster:

  1. Prepare your system for the cluster.

    1. If the Certificate Information and Upload License related options in System > Settings need to be updated, they should be updated in the primary unit before setting up the cluster.

    2. If the firmware, restore, and backup options in the Dashboard need to be updated, they should be updated in the primary unit before setting up a cluster.

    Caution

    Make sure all cluster nodes have the same system configuration (number of CPUs, size of memory, etc.), otherwise the cluster may fail to form.
    Caution

    The following ports must be open between the FortiPortal instances:

    • 2379

    • 2380

    • 6443

    • 7472

    • 7946

    • 10250

  2. Set up the primary instance.

    1. Log in to the primary FortiPortal instance.
    2. Go to System > Settings > Scalable Cluster.
    3. In the Operational Mode field, select Primary.
    4. In the Cluster Password field, set a password for the cluster. This password cannot be retrieved or changed once it is set.
    5. Click Create Cluster.

  3. Set up two or more secondary units.

    1. Log in to another FortiPortal instance.
    2. Go to System > Settings > Scalable Cluster.
    3. In the Operational Mode field, select Secondary.
    4. In the Cluster Password field, enter the cluster password you set on the primary instance.
    5. In the Primary FPC IP field, enter the IP address of the primary instance.
    6. In the Serial Number field, enter the serial number of the primary instance.
    7. Click Join.
    8. Repeat step 3 to add additional secondary instances to the cluster.

  4. Configure the load balancer (optional).

    1. Log in to one of the FortiPortal instances in the cluster.

    2. Go to System > Settings > Scalable Cluster.

    3. In the Load Balancer IP Range field, enter an IP address in the same subnet as the cluster instances. This IP should be one that is not assigned to any devices.

    4. Click Update.

      The load balancer IP configuration is automatically applied across all instances of the cluster.

      After upgrading a FortiPortal instance, you must set the load balancer IP address again.
Previous
Next

Scalable cluster

Use this feature only if you are certain that a scalable cluster is required. Once a cluster has been set up it cannot be deleted.

When a FortiPortal instance is used to set up a new cluster or a FortiPortal instance joins an existing cluster, the FortiPortal instance can no longer be a standalone FortiPortal.

All existing data from the secondary instances is deleted.

In the Scalable Cluster tab, you can configure a FortiPortal cluster.

A cluster consists of a primary unit and two or more standby secondary units. A minimum of three units is required to set up a cluster. If the primary unit becomes unavailable, one of the standby secondaries will become the new primary.

In a FortiPortal cluster, the license limit is the combined license limit of all the FortiPortal instances in a cluster.

Scalable clusters have the following benefits:

  • All the instances are active in a cluster and can serve requests in parallel.

  • Data can be synchronized across all cluster members in real-time. When options are updated in a primary unit, the changes are applied to all the secondary units in the cluster.

  • The cluster can be scaled horizontally by adding new FortiPortal instances.

  • The built-in load balancer is available to distribute loads across all instances in a cluster.

The following roles are available:

  • Primary: The FortiPortal is the primary in a high-availability cluster.

  • Secondary: The FortiPortal is a secondary in a high-availability cluster.

  • Standalone: The FortiPortal is independent of a high-availability cluster. This is the default setting. Use it if you intend to keep the FortiPortal instance independent of a cluster.

To set up a FortiPortal cluster:

  1. Prepare your system for the cluster.

    1. If the Certificate Information and Upload License related options in System > Settings need to be updated, they should be updated in the primary unit before setting up the cluster.

    2. If the firmware, restore, and backup options in the Dashboard need to be updated, they should be updated in the primary unit before setting up a cluster.

    Caution

    Make sure all cluster nodes have the same system configuration (number of CPUs, size of memory, etc.), otherwise the cluster may fail to form.
    Caution

    The following ports must be open between the FortiPortal instances:

    • 2379

    • 2380

    • 6443

    • 7472

    • 7946

    • 10250

  2. Set up the primary instance.

    1. Log in to the primary FortiPortal instance.
    2. Go to System > Settings > Scalable Cluster.
    3. In the Operational Mode field, select Primary.
    4. In the Cluster Password field, set a password for the cluster. This password cannot be retrieved or changed once it is set.
    5. Click Create Cluster.

  3. Set up two or more secondary units.

    1. Log in to another FortiPortal instance.
    2. Go to System > Settings > Scalable Cluster.
    3. In the Operational Mode field, select Secondary.
    4. In the Cluster Password field, enter the cluster password you set on the primary instance.
    5. In the Primary FPC IP field, enter the IP address of the primary instance.
    6. In the Serial Number field, enter the serial number of the primary instance.
    7. Click Join.
    8. Repeat step 3 to add additional secondary instances to the cluster.

  4. Configure the load balancer (optional).

    1. Log in to one of the FortiPortal instances in the cluster.

    2. Go to System > Settings > Scalable Cluster.

    3. In the Load Balancer IP Range field, enter an IP address in the same subnet as the cluster instances. This IP should be one that is not assigned to any devices.

    4. Click Update.

      The load balancer IP configuration is automatically applied across all instances of the cluster.

      After upgrading a FortiPortal instance, you must set the load balancer IP address again.
Previous
Next