Fortinet white logo
Fortinet white logo

FortiGate-6000 Handbook

Limitations of FortiGate-6000 virtual clustering

Limitations of FortiGate-6000 virtual clustering

FortiGate-6000 virtual clustering includes the following limitations:

  • Virtual clustering supports two FortiGate-6000s only.
  • Active-passive HA mode is supported, active-active HA is not.
  • The root and mgmt-vdom VDOMs must be in virtual cluster 1 (also called the primary virtual cluster).
  • A VLAN must be in the same virtual cluster as the physical interface or LAG that the VLAN has been added to. The VLAN can be in the same VDOM as its physical interface or LAG or in a different VDOM, as long as both VDOMs are in the same virtual cluster.

  • The interfaces that are created when you add an inter-VDOM link must be in the same virtual cluster as the inter-VDOM link. You can change the virtual cluster that an inter-VDOM link is in by editing the inter-VDOM link and changing the vcluster setting.
  • Using HA reserved management interfaces to manage individual cluster units is not supported. This feature may work as intended in many cases. However, using this feature in a virtual cluster is not recommended as it may cause conflicts with other features such as remote FortiAnalyzer logging.

    You can use In-band management to manage and monitor VDOMs in virtual cluster 2 by enabling management access for one or more data interfaces in the VDOMs in virtual cluster 2 and then logging into the GUI or CLI using these interfaces. See Using data interfaces for management traffic.

    You can also use special management port numbers to connect to the secondary chassis FortiGate-6000 management board (see HA mode special management port numbers).

Limitations of FortiGate-6000 virtual clustering

Limitations of FortiGate-6000 virtual clustering

FortiGate-6000 virtual clustering includes the following limitations:

  • Virtual clustering supports two FortiGate-6000s only.
  • Active-passive HA mode is supported, active-active HA is not.
  • The root and mgmt-vdom VDOMs must be in virtual cluster 1 (also called the primary virtual cluster).
  • A VLAN must be in the same virtual cluster as the physical interface or LAG that the VLAN has been added to. The VLAN can be in the same VDOM as its physical interface or LAG or in a different VDOM, as long as both VDOMs are in the same virtual cluster.

  • The interfaces that are created when you add an inter-VDOM link must be in the same virtual cluster as the inter-VDOM link. You can change the virtual cluster that an inter-VDOM link is in by editing the inter-VDOM link and changing the vcluster setting.
  • Using HA reserved management interfaces to manage individual cluster units is not supported. This feature may work as intended in many cases. However, using this feature in a virtual cluster is not recommended as it may cause conflicts with other features such as remote FortiAnalyzer logging.

    You can use In-band management to manage and monitor VDOMs in virtual cluster 2 by enabling management access for one or more data interfaces in the VDOMs in virtual cluster 2 and then logging into the GUI or CLI using these interfaces. See Using data interfaces for management traffic.

    You can also use special management port numbers to connect to the secondary chassis FortiGate-6000 management board (see HA mode special management port numbers).