Session-Aware Load Balancing Cluster Guide

5.2.11

Configuring the cluster

After a short time the FortiControllers restart in HA mode and form an active-passive SLBC HA cluster. All of the FortiControllers must have the same HA configuration and at least one heartbeat link (the B1 and B2 interfaces) must be connected. If the FortiControllers are unable to form a cluster, check that they all have the same HA configuration and that the heartbeat interfaces (B1 and B2) are connected.

With the configuration described in the previous steps, the FortiController in chassis 1 slot 1 should become the primary unit and you can log into the cluster using the management IP address that you assigned to this FortiController.

The other FortiControllers become secondary FortiControllers. You cannot log into or manage the secondary FortiControllers until you configure the cluster External Management IP and add workers to the cluster. Once you do this, you can use the External Management IP address and a special port number to manage the secondary FortiControllers. You can also connect to the CLI of any secondary FortiController using its console port.

  1. Confirm that the cluster has been formed. From the primary FortiController GUI System Information widget, beside HA Status, select Configure.

    The display should show all four of the FortiControllers in the cluster. (The host names shown on some of the screen images in this example may not match the host names used in the example configuration.)

  2. Go to Load Balance > Status to see the status of both FortiControllers.

    The primary FortiController slot icon should be colored green. The secondary FortiController in the same chassis should also be visible, but with a yellow slot icon.

  3. Go to Load Balance > Config to add the workers to the cluster by selecting Edit and moving the slots that contain workers to the Members list.

    The Config page shows the slots in which the cluster expects to find workers. If the workers have not been configured, their status will be Down.

  4. Configure the External Management IP/Netmask. Once you have connected workers to the cluster, you can use this IP address to manage and configure all of the devices in the cluster.

    You can also enter the following command to add slots 3, 4, and 5 to the cluster.

        config load-balance setting
            config slots
                edit 3
                next
                edit 4
                next
                edit 5
            end
        end

    You can also use the following CLI command to configure the external management IP/Netmask and management access to this address:

        config load-balance setting
            set base-mgmt-external-ip 172.20.120.100 255.255.255.0
            set base-mgmt-allowaccess https ssh ping
        end

  5. Enable base management traffic between FortiControllers. The CLI syntax shows setting the default base management VLAN (101). You can also use this command to change the base management VLAN.

        config load-balance setting
            config base-mgmt-interfaces
                edit b1
                    set vlan-id 101
                next
                edit b2
                    set vlan-id 101
            end
        end

  6. Enable base control traffic between FortiControllers. The CLI syntax shows setting the default base control VLAN (301). You can also use this command to change the base management VLAN.

        config load-balance setting
            config base-ctrl-interfaces
                edit b1
                    set vlan-id 301
                next
                edit b2
                    set vlan-id 301
            end
        end
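
An added example, not part of the Fortinet guide: a small Python audit that parses the `config load-balance setting` commands from steps 4 to 6 and flags cleartext management protocols, b1/b2 VLAN mismatches, and management and control traffic sharing a VLAN. The `sample()` text is constructed from the commands above rather than captured from a device, and the `http`/`telnet` ban and the VLAN-separation rule are assumed site policy, not requirements stated in the guide.

```python
CLEARTEXT = {"http", "telnet"}  # assumption: protocols a site policy bans for management

def sample(access="https ssh ping", mgmt=(101, 101), ctrl=(301, 301)):
    """Constructed config text built from the guide's commands (not device output)."""
    tbl = "config {}\nedit b1\nset vlan-id {}\nnext\nedit b2\nset vlan-id {}\nend\n"
    return ("config load-balance setting\n"
            f"set base-mgmt-allowaccess {access}\n"
            + tbl.format("base-mgmt-interfaces", *mgmt)
            + tbl.format("base-ctrl-interfaces", *ctrl) + "end\n")

def parse(text):
    """Return (top-level settings, {table: {entry: {key: [values]}}})."""
    settings, tables, table, entry, depth = {}, {}, None, None, 0
    for words in filter(None, (line.split() for line in text.splitlines())):
        cmd = words[0]
        if cmd == "config":
            depth += 1
            if depth == 2:              # nested table such as base-mgmt-interfaces
                table = tables.setdefault(words[1], {})
        elif cmd == "end":
            if depth == 2:              # leaving the nested table
                table = entry = None
            depth -= 1
        elif cmd == "edit" and table is not None:
            entry = table.setdefault(words[1], {})
        elif cmd == "next":
            entry = None
        elif cmd == "set":
            (settings if entry is None else entry)[words[1]] = words[2:]
    return settings, tables

def audit(text):
    """Return a list of findings; an empty list means the checks passed."""
    settings, tables = parse(text)
    findings = [f"cleartext management access enabled: {p}" for p in
                sorted(CLEARTEXT & set(settings.get("base-mgmt-allowaccess", [])))]
    vlans = {}
    for name in ("base-mgmt-interfaces", "base-ctrl-interfaces"):
        ids = {e: v.get("vlan-id", [None])[0] for e, v in tables.get(name, {}).items()}
        vlans[name] = set(ids.values()) - {None}
        if set(ids) != {"b1", "b2"} or len(vlans[name]) != 1:
            findings.append(f"{name}: b1/b2 missing or VLAN mismatch {ids}")
    if vlans["base-mgmt-interfaces"] & vlans["base-ctrl-interfaces"]:
        findings.append("management and control traffic share a VLAN")
    return findings
```

Calling `audit(sample())` on the guide's values (https/ssh/ping, VLAN 101 and VLAN 301) returns an empty list.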
