Fortinet white logo
Fortinet white logo

Session-Aware Load Balancing Cluster Guide

5.2.11

Setting up the hardware

Setting up the hardware

  1. Install two FortiGate-5000 series chassis and connect them to power. Ideally each chassis should be connected to a separate power circuit.
  2. Install the FortiControllers in slot 1 and slot 2 of each chassis.
  3. Install the workers in slots 3, 4, and 5 of each chassis.
  4. Power on both chassis.
  5. Check the chassis, FortiController, and FortiGate LEDs to verify that all components are operating normally.

    To check normal operation LED status see the FortiGate-5000 hardware guides and FortiController hardware guides.

  6. Create redundant connections from the F2 interfaces of the FortiControllers in slot 1 of both chassis to the internet.

    In the FortiOS GUI or CLI, this is the fctl1/f2 interface.

  7. Create redundant connections from the F6 interfaces of the FortiControlelrs in slot 2 of both chassis to the internal network.

    In the FortiOS GUI or CLI, this is the fctl2/f6 interface.

  8. Create redundant connections from all four FortiController mgmt interfaces to a management network (in the example the mgmt interfaces are connected to the internal network).
  9. Create a heartbeat link by connecting the four FortiController B1 interfaces together.

    Create a secondary heartbeat link by connecting the four FortiController B2 interfaces together.

    The switches used to connect the heartbeat interfaces must allow traffic on the heartbeat VLAN (default 999) and the base control and management VLANs (301 and 101). The heartbeat interfaces provide HA heartbeat, base control, and base management communication between the FortiControllers.

    Only one heartbeat connection is required but redundant connections are recommended.

  10. Create a FortiController session sync link between the chassis by connecting the four FortiController F4 interfaces together. If you use a switch it must allow traffic on the FortiController session sync VLAN (2000). You can use any of the F1 to F8 interfaces. We chose F4 in this example to make the diagram easier to understand.
  11. Check the FortiController release notes for the latest supported FortiController and FortiGate firmware.
  12. Get FortiController and FortiOS firmware from the Fortinet Support site.

    For FortiController firmware, select the FortiSwitchATCA product.

Setting up the hardware

Setting up the hardware

  1. Install two FortiGate-5000 series chassis and connect them to power. Ideally each chassis should be connected to a separate power circuit.
  2. Install the FortiControllers in slot 1 and slot 2 of each chassis.
  3. Install the workers in slots 3, 4, and 5 of each chassis.
  4. Power on both chassis.
  5. Check the chassis, FortiController, and FortiGate LEDs to verify that all components are operating normally.

    To check normal operation LED status see the FortiGate-5000 hardware guides and FortiController hardware guides.

  6. Create redundant connections from the F2 interfaces of the FortiControllers in slot 1 of both chassis to the internet.

    In the FortiOS GUI or CLI, this is the fctl1/f2 interface.

  7. Create redundant connections from the F6 interfaces of the FortiControlelrs in slot 2 of both chassis to the internal network.

    In the FortiOS GUI or CLI, this is the fctl2/f6 interface.

  8. Create redundant connections from all four FortiController mgmt interfaces to a management network (in the example the mgmt interfaces are connected to the internal network).
  9. Create a heartbeat link by connecting the four FortiController B1 interfaces together.

    Create a secondary heartbeat link by connecting the four FortiController B2 interfaces together.

    The switches used to connect the heartbeat interfaces must allow traffic on the heartbeat VLAN (default 999) and the base control and management VLANs (301 and 101). The heartbeat interfaces provide HA heartbeat, base control, and base management communication between the FortiControllers.

    Only one heartbeat connection is required but redundant connections are recommended.

  10. Create a FortiController session sync link between the chassis by connecting the four FortiController F4 interfaces together. If you use a switch it must allow traffic on the FortiController session sync VLAN (2000). You can use any of the F1 to F8 interfaces. We chose F4 in this example to make the diagram easier to understand.
  11. Check the FortiController release notes for the latest supported FortiController and FortiGate firmware.
  12. Get FortiController and FortiOS firmware from the Fortinet Support site.

    For FortiController firmware, select the FortiSwitchATCA product.