Setting up the hardware

1. Install two FortiGate-5000 series chassis and connect them to power. Ideally each chassis should be connected to a separate power circuit.
2. Install a FortiController in slot 1 of each chassis.
3. Install the workers in slots 3, 4, and 5 of each chassis.
4. Power on both chassis.

5. Check the chassis, FortiController, and FortiGate LEDs to verify that all components are operating normally.

   To check normal operation LED status see the FortiGate-5000 hardware guides and FortiController hardware guides.

6. Create duplicate connections from both FortiController front panel interfaces to the internet and to the internal network.

7. Create a heartbeat link by connecting the FortiController B1 interfaces together. Create a secondary heartbeat link by connecting the FortiController B2 interfaces together.

   You can directly connect the heartbeat interfaces with a patch cable or connect them through a switch. If you use a switch, it must allow traffic on the heartbeat VLAN (default 999) and the base control and management VLANs (301 and 101). These connections establish heartbeat, base control, and base management communication between the FortiControllers.

   Only one heartbeat connection is required but redundant connections are recommended.

8. Create a FortiController session sync connection between the chassis by connecting the FortiController F4 interfaces together. If you use a switch it must allow traffic on the FortiController session sync VLAN (2000). You can use any of the F1 to F8 interfaces. We chose F4 in this example to make the diagram easier to understand.
9. Connect the mgmt interfaces of both FortiControllers to the internal network or any network to manage the cluster from.
10. Check the FortiController release notes for the latest supported FortiController and FortiGate firmware.

11. Get FortiController and FortiOS firmware from the Fortinet Support site.

    For FortiController firmware, select the FortiSwitchATCA product.