Connecting the cluster – Fortinet FortiGate 4000 User Manual
Page 84
84
Fortinet Inc.
Configuring an HA cluster
High availability
Figure 26: Example Active-Active HA configuration
11
If you are configuring a NAT/Route mode cluster, power off the FortiGate unit and then
repeat this procedure for all the FortiGate units in the cluster. Once all the units are
configured, proceed to
“Connecting the cluster” on page 84
.
12
If you are configuring a Transparent mode cluster, reconnect to the web-based
manager.
You might have to wait a few minutes before you can reconnect.
13
Go to System > Status.
14
Select Change to Transparent Mode and select OK to switch the FortiGate unit to
Transparent mode.
15
Power off the FortiGate unit.
16
Repeat this procedure for all the FortiGate units in the cluster.
Connecting the cluster
Use the following procedure to connect a cluster operating in NAT/Route mode or
Transparent mode. Connect the FortiGate units in the cluster to each other and to
your network. You must connect all matching interfaces in the cluster to the same hub
or switch. Then you must connect these interfaces to their networks using the same
hub or switch.
Fortinet recommends using switches for all cluster connections for the best
performance.
The FortiGate units in the cluster use dedicated HA ethernet interfaces to
communicate HA status information to make sure the cluster is functioning properly.
For this reason, the connection between the HA interfaces of all the FortiGate units in
the cluster must be well maintained. An interruption of this communication can have
unpredictable results.
Inserting an HA cluster into your network temporarily interrupts communications on
the network because new physical connections are being made to route traffic through
the cluster. Also, starting the cluster interrupts network traffic until the individual
FortiGate units in the cluster are functioning and the cluster completes negotiation.
Cluster negotiation normally takes just a few seconds. During system startup and
negotiation all network traffic is dropped.