Managing an ha cluster – Fortinet FortiGate-800 User Manual
Page 78
78
Fortinet Inc.
Managing an HA cluster
High availability
2
Power on all the FortiGate units in the cluster.
As the units power on they negotiate to choose the primary cluster unit and the
subordinate units. This negotiation occurs with no user intervention.
When negotiation is complete the you can configure the cluster as if it was a single
FortiGate unit. Use the information in
“NAT/Route mode installation” on page 41
“Transparent mode installation” on page 59
to configure the cluster interfaces,
configure your network, and complete the cluster configuration.
“Managing an HA cluster” on page 78
to log into and manage
the cluster.
Adding a new FortiGate unit to a functioning cluster
You can add a new FortiGate unit to a functioning cluster at any time. The new
FortiGate unit must be the same model as the other units in the cluster and must be
running the same firmware version.
To add a new unit to the cluster
1
Configure the new FortiGate unit for HA operation with the same HA configuration as
the other units in the cluster.
See
“Configuring FortiGate units for HA operation” on page 74
2
If the cluster is running in Transparent mode, change the operating mode of the new
FortiGate unit to Transparent mode.
See
“Changing to Transparent mode” on page 109
.
3
Connect the new FortiGate unit to the cluster.
See
“Connecting the cluster” on page 76
.
4
Power on the new FortiGate unit.
When the unit powers on it negotiates to join the cluster. After it joins the cluster, the
cluster synchronizes the new unit configuration with the configuration of the primary
unit.
Managing an HA cluster
The configurations of all of the FortiGate units in the cluster are synchronized so that
the FortiGate units can function as a cluster. Because of this synchronization, you
manage the HA cluster instead of managing the individual FortiGate units in the
cluster. You manage the cluster by connecting to the web-based manager or CLI
using any interface configured for management access (except the HA interface). All
units in the cluster are synchronized with the same interface IP addresses.
Connecting to any interface IP address configured for management access connects
to that cluster interface, which automatically connects you to the primary FortiGate
unit in the cluster.
Note: Do not change the HA interface IP address. The HA interface of each FortiGate unit in the
cluster is assigned an IP address during cluster negotiation.