Fortinet black logo

Session-Aware Load Balancing Cluster Guide

Home FortiController 5.2.10 Session-Aware Load Balancing Cluster Guide

Setting up the hardware

5.2.10
5.2.11
5.2.10
Copy Link
Copy Doc ID 31a89d05-200d-11e9-b6f6-f8bc1258b856:525021
Download PDF

Setting up the hardware

  1. Install two FortiGate-5144C chassis and connect them to power. Ideally each chassis should be connected to a separate power circuit.
  2. Install the FortiControllers in slot 1 and slot 2 of each chassis.
  3. Install the workers in slots 3, 4, and 5 of each chassis.
  4. Power on both chassis.

  5. Check the chassis, FortiController, and FortiGate LEDs to verify that all components are operating normally.

    To check normal operation LED status see the FortiGate-5000 hardware guides and FortiController hardware guides.

  6. Create redundant connections from the F1 interfaces of the FortiControllers in slot 1 of both chassis to the internet.

    In the FortiOS GUI or CLI, this is the fctl1/f2 interface.

  7. Create redundant connections from the F3 interfaces of the FortiControlelrs in slot 2 of both chassis to the internal network.

    In the FortiOS GUI or CLI, this is the fctl2/f3 interface.

  8. Create redundant connections from all four FortiController mgmt interfaces to a management network (in the example the mgmt interfaces are connected to the internal network).

  9. Create a heartbeat and session-sync link by connecting the four FortiController B1 interfaces together.

    Create a secondary heartbeat and session-sync link by connecting the four FortiController B2 interfaces together.

    Using the same switch for the B1 and B2 interfaces is not recommended and requires a double VLAN tagging configuration.

    The switches used to connect the heartbeat interfaces must allow traffic on the heartbeat VLAN (default 999) and the base control and management VLANs (301 and 101). The switches must also allow traffic on the session-sync VLANs (1900 for B2 and 1901 for B2). The heartbeat interfaces provide HA heartbeat, base control, base management, and session-sync communication between the FortiControllers.

    Only one heartbeat connection is required but redundant connections are recommended.

  10. Check the FortiController release notes for the latest supported FortiController and FortiGate firmware.

  11. Get FortiController and FortiOS firmware from the Fortinet Support site.

    For FortiController firmware, select the FortiSwitchATCA product.

Previous
Next

Setting up the hardware

  1. Install two FortiGate-5144C chassis and connect them to power. Ideally each chassis should be connected to a separate power circuit.
  2. Install the FortiControllers in slot 1 and slot 2 of each chassis.
  3. Install the workers in slots 3, 4, and 5 of each chassis.
  4. Power on both chassis.

  5. Check the chassis, FortiController, and FortiGate LEDs to verify that all components are operating normally.

    To check normal operation LED status see the FortiGate-5000 hardware guides and FortiController hardware guides.

  6. Create redundant connections from the F1 interfaces of the FortiControllers in slot 1 of both chassis to the internet.

    In the FortiOS GUI or CLI, this is the fctl1/f2 interface.

  7. Create redundant connections from the F3 interfaces of the FortiControlelrs in slot 2 of both chassis to the internal network.

    In the FortiOS GUI or CLI, this is the fctl2/f3 interface.

  8. Create redundant connections from all four FortiController mgmt interfaces to a management network (in the example the mgmt interfaces are connected to the internal network).

  9. Create a heartbeat and session-sync link by connecting the four FortiController B1 interfaces together.

    Create a secondary heartbeat and session-sync link by connecting the four FortiController B2 interfaces together.

    Using the same switch for the B1 and B2 interfaces is not recommended and requires a double VLAN tagging configuration.

    The switches used to connect the heartbeat interfaces must allow traffic on the heartbeat VLAN (default 999) and the base control and management VLANs (301 and 101). The switches must also allow traffic on the session-sync VLANs (1900 for B2 and 1901 for B2). The heartbeat interfaces provide HA heartbeat, base control, base management, and session-sync communication between the FortiControllers.

    Only one heartbeat connection is required but redundant connections are recommended.

  10. Check the FortiController release notes for the latest supported FortiController and FortiGate firmware.

  11. Get FortiController and FortiOS firmware from the Fortinet Support site.

    For FortiController firmware, select the FortiSwitchATCA product.

Previous
Next