
Session-Aware Load Balancing Cluster Guide

5.2.10

Quick SLBC cluster setup

This section contains some high-level steps that guide you through the basics of setting up an example SLBC cluster consisting of a single FortiController and 3 workers installed in a FortiGate-5000 chassis.

  1. Install the FortiGate-5000 series chassis and connect it to power.
  2. Install the FortiController in chassis slot 1.
  3. Install the workers in chassis slots 3, 4, and 5.
  4. Power on the chassis.
  5. Check the chassis, FortiController and worker LEDs to verify that all components are operating normally.
  6. Check the FortiSwitch-ATCA release notes and confirm that your FortiController is running the latest supported firmware. You can download the release notes from the Fortinet Documentation website and the correct firmware from Fortinet’s Support site (https://support.fortinet.com). Select the FortiSwitch-ATCA product.
  7. Log into the CLI of each of the workers and use the following command to set them to FortiController mode:

    config system elbc
    set mode forticontroller
    end

  8. From the FortiController GUI Dashboard System Information widget, beside HA Status select Configure.
  9. Set Mode to Active-Passive, change the Group ID, move the b1 and b2 interfaces to the Selected column, and select OK.

    Or from the CLI enter the following command:

    config system ha
    set mode a-p
    set groupid 4
    set hbdev b1 b2
    end

  10. You can optionally configure other HA settings.

    Note: If you have more than one cluster on the same network, each cluster should have a different Group ID. Changing the Group ID changes the cluster interface MAC addresses. It's possible that a Group ID setting will cause a MAC address conflict. If this happens, select a different Group ID. The default Group ID of 0 is not a good choice and usually should be changed.
  11. Go to Load Balance > Config and add the workers to the cluster by selecting Edit and moving the slots that contain workers to the Members list.
  12. Configure the cluster external management interface so that you can manage the worker configuration.

    From the FortiController GUI go to Load Balance > Config and edit the External Management IP/Netmask and change it to an IP address and netmask for the network that the mgmt interfaces of the FortiController and the workers are connected to. The External Management IP/Netmask must be on the same subnet as the FortiController management IP address.

  13. Connect FortiController front panel interface 1 (F1 on some models) to the Internet and front panel interface 3 (F3 on some models) to the internal network.

    The workers see these interfaces as fctrl/f1 and fctrl/f3.

    Do not use the worker front panel interfaces for data or management connections.

  14. Log into the workers using the External Management IP/Netmask and configure the workers to process traffic between fctrl/f1 and fctrl/f3.

    Note: If you need to add a default route to connect to the External Management IP/Netmask, log into the FortiController CLI and enter the following command:

    config route static
    edit route 1
    set gateway <gateway-ip>
    end
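
The two constraints stated in steps 10 and 12 (a distinct, non-default Group ID for each cluster on the same network, and an External Management IP/Netmask on the same subnet as the FortiController management IP) can be checked against a deployment plan before any chassis is configured. The following Python script is an added example, not Fortinet code; the plan format, its key names and the sample addresses are assumptions constructed for illustration.

```python
# Added example: lint a planned SLBC deployment against the rules in this guide.
# The plan layout (name, groupid, fctrl_mgmt, ext_mgmt) is hypothetical.
import ipaddress
from collections import Counter

# Constructed sample plan: three clusters that share one network segment.
PLAN = [
    {"name": "slbc-a", "groupid": 4,
     "fctrl_mgmt": "192.0.2.10/24", "ext_mgmt": "192.0.2.20/24"},
    {"name": "slbc-b", "groupid": 4,
     "fctrl_mgmt": "192.0.2.11/24", "ext_mgmt": "198.51.100.20/24"},
    {"name": "slbc-c", "groupid": 0,
     "fctrl_mgmt": "192.0.2.12/24", "ext_mgmt": "192.0.2.300/24"},
]

def check_plan(clusters):
    """Return a list of findings for clusters planned on the same network."""
    findings = []
    groupid_counts = Counter(c["groupid"] for c in clusters)
    for c in clusters:
        name, gid = c["name"], c["groupid"]
        # Step 10: the default Group ID of 0 usually should be changed.
        if gid == 0:
            findings.append(f"{name}: Group ID is still the default 0")
        # Step 10: each cluster on the same network needs its own Group ID.
        if groupid_counts[gid] > 1:
            findings.append(f"{name}: Group ID {gid} is used by another cluster")
        try:
            ctrl = ipaddress.ip_interface(c["fctrl_mgmt"])
            ext = ipaddress.ip_interface(c["ext_mgmt"])
        except ValueError as exc:
            findings.append(f"{name}: invalid address ({exc})")
            continue
        # Step 12: External Management IP/Netmask must share the
        # FortiController management subnet (same network and mask).
        if ext.network != ctrl.network:
            findings.append(
                f"{name}: External Management {ext} is outside "
                f"FortiController management subnet {ctrl.network}")
    return findings

if __name__ == "__main__":
    for finding in check_plan(PLAN):
        print(finding)
```
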
