Fortinet Document Library

Version:


Table of Contents

About FortiGate for AWS

Deploying FortiGate on AWS

Deploying auto scaling on AWS

Single FortiGate-VM Deployment

Use Case: High Availability for FortiGate on AWS

Security Fabric Connector Integration with AWS

Resources

Upgrade Path Tool
6.0.0
Copy Link

Configuring active-passive HA in the CLI

FortiOS 5.6.3+, 6.0.0+

Below is the primary FortiGate's CLI configuration:

config system ha

set group-name "test001”

set mode a-p

set hbdev "port3" 50

set session-pickup enable

set ha-mgmt-status enable

config ha-mgmt-interface

edit 1

set interface port4

set gateway 192.168.4.1

next

end

set override disable

set priority 255

set unicast-hb enable

set unicast-hb-peerip 192.168.3.12

end

Below is the secondary FortiGate's CLI configuration:

config system ha

set group-name "test001”

set mode a-p

set hbdev "port3" 50

set session-pickup enable

set ha-mgmt-status enable

config ha-mgmt-interface

edit 1

set interface port4

set gateway 192.168.4.1

next

end

set override disable

set priority 1

set unicast-hb enable

set unicast-hb-peerip 192.168.3.11

end

Note

The primary and secondary FortiGate have different set priorities and unicast heartbeat peer IP addresses. For FortiOS 5.4.5 below, take this information into account.

FortiOS 5.4.5

Below is the primary FortiGate's CLI configuration:

config system ha

set group-name "test001”

set mode a-p

set hbdev "port3" 50

set session-pickup enable

set ha-mgmt-status enable

set ha-mgmt-interface "port4"

set override disable

set priority 255

set unicast-hb enable

set unicast-hb-peerip 192.168.3.12

end

Resources

Configuring active-passive HA in the CLI

FortiOS 5.6.3+, 6.0.0+

Below is the primary FortiGate's CLI configuration:

config system ha

set group-name "test001”

set mode a-p

set hbdev "port3" 50

set session-pickup enable

set ha-mgmt-status enable

config ha-mgmt-interface

edit 1

set interface port4

set gateway 192.168.4.1

next

end

set override disable

set priority 255

set unicast-hb enable

set unicast-hb-peerip 192.168.3.12

end

Below is the secondary FortiGate's CLI configuration:

config system ha

set group-name "test001”

set mode a-p

set hbdev "port3" 50

set session-pickup enable

set ha-mgmt-status enable

config ha-mgmt-interface

edit 1

set interface port4

set gateway 192.168.4.1

next

end

set override disable

set priority 1

set unicast-hb enable

set unicast-hb-peerip 192.168.3.11

end

Note

The primary and secondary FortiGate have different set priorities and unicast heartbeat peer IP addresses. For FortiOS 5.4.5 below, take this information into account.

FortiOS 5.4.5

Below is the primary FortiGate's CLI configuration:

config system ha

set group-name "test001”

set mode a-p

set hbdev "port3" 50

set session-pickup enable

set ha-mgmt-status enable

set ha-mgmt-interface "port4"

set override disable

set priority 255

set unicast-hb enable

set unicast-hb-peerip 192.168.3.12

end