Fortinet black logo

Session-Aware Load Balancing Cluster Guide

Setting up the hardware

5.2.10
Copy Link
Copy Doc ID 31a89d05-200d-11e9-b6f6-f8bc1258b856:550918
Download PDF

Setting up the hardware

  1. Install two FortiGate-5000 series chassis and connect them to power. Ideally each chassis should be connected to a separate power circuit.
  2. Install the FortiControllers in slot 1 and slot 2 of each chassis.
  3. Install the workers in slots 3, 4, and 5 of each chassis.
  4. Power on both chassis.
  5. Check the chassis, FortiController, and FortiGate LEDs to verify that all components are operating normally.

    To check normal operation LED status see the FortiGate-5000 hardware guides and FortiController hardware guides.

  6. Create redundant connections from all four FortiController F1 front panel interfaces to the internet,
  7. Create redundant connections from all four FortiController F6 interfaces to the internal network.
  8. Create redundant connections from all four FortiController mgmt interfaces to a management network (in the example the mgmt interfaces are connected to the internal network).
  9. Create a heartbeat link by connecting the four FortiController B1 interfaces together.

    Create a secondary heartbeat link by connecting the four FortiController B2 interfaces together.

    The switches used to connect the heartbeat interfaces must allow traffic on the heartbeat VLAN (default 999) and the base control and management VLANs (301 and 101). The heartbeat interfaces provide HA heartbeat, base control, and base management communication between the FortiControllers.

    Only one heartbeat connection is required but redundant connections are recommended.

  10. Create a FortiController session sync link between the chassis by connecting the four FortiController F4 interfaces together. If you use a switch it must allow traffic on the FortiController session sync VLAN (2000). You can use any of the F1 to F8 interfaces. We chose F4 in this example to make the diagram easier to understand.
  11. Check the FortiController release notes for the latest supported FortiController and FortiGate firmware.
  12. Get FortiController and FortiOS firmware from the Fortinet Support site.

    For FortiController firmware, select the FortiSwitchATCA product.

Setting up the hardware

  1. Install two FortiGate-5000 series chassis and connect them to power. Ideally each chassis should be connected to a separate power circuit.
  2. Install the FortiControllers in slot 1 and slot 2 of each chassis.
  3. Install the workers in slots 3, 4, and 5 of each chassis.
  4. Power on both chassis.
  5. Check the chassis, FortiController, and FortiGate LEDs to verify that all components are operating normally.

    To check normal operation LED status see the FortiGate-5000 hardware guides and FortiController hardware guides.

  6. Create redundant connections from all four FortiController F1 front panel interfaces to the internet,
  7. Create redundant connections from all four FortiController F6 interfaces to the internal network.
  8. Create redundant connections from all four FortiController mgmt interfaces to a management network (in the example the mgmt interfaces are connected to the internal network).
  9. Create a heartbeat link by connecting the four FortiController B1 interfaces together.

    Create a secondary heartbeat link by connecting the four FortiController B2 interfaces together.

    The switches used to connect the heartbeat interfaces must allow traffic on the heartbeat VLAN (default 999) and the base control and management VLANs (301 and 101). The heartbeat interfaces provide HA heartbeat, base control, and base management communication between the FortiControllers.

    Only one heartbeat connection is required but redundant connections are recommended.

  10. Create a FortiController session sync link between the chassis by connecting the four FortiController F4 interfaces together. If you use a switch it must allow traffic on the FortiController session sync VLAN (2000). You can use any of the F1 to F8 interfaces. We chose F4 in this example to make the diagram easier to understand.
  11. Check the FortiController release notes for the latest supported FortiController and FortiGate firmware.
  12. Get FortiController and FortiOS firmware from the Fortinet Support site.

    For FortiController firmware, select the FortiSwitchATCA product.