Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

FortiGate-6000 Handbook

Virtual clustering

FortiGate-6000 supports virtual clustering with two FortiGate-6000s operating in Multi VDOM mode. Virtual clustering is not supported for Split-Task VDOM mode.

A virtual cluster consists of two FortiGate-6000s operating in active-passive HA mode with Multi VDOM mode enabled. Virtual clustering is an extension of FGCP HA that uses VDOM partitioning to send traffic for some VDOMs to the primary FortiGate-6000 and traffic for other VDOMs to the secondary FortiGate-6000. Distributing traffic between the FortiGate-6000s in a virtual cluster is similar to load balancing and can potentially improve overall throughput. You can adjust VDOM partitioning at any time to optimize traffic distribution without interrupting traffic flow.

VDOM partitioning distributes VDOMs between two virtual clusters (virtual cluster 1 and virtual cluster 2). When configuring virtual clustering you would normally set the device priority of virtual cluster 1 higher for the primary FortiGate-6000 and the device priority of virtual cluster 2 higher for the secondary FortiGate-6000. With this configuration, all traffic in the VDOMs in virtual cluster 1 is processed by the primary FortiGate-6000 and all traffic in the VDOMs in virtual cluster 2 is processed by the secondary FortiGate-6000. The FGCP selects the primary and secondary FortiGate-6000 whenever the cluster negotiates. The primary FortiGate-6000 can dynamically change based on FGCP HA primary unit selection criteria.

If a failure occurs and only one FortiGate-6000 continues to operate, all traffic fails over to that FortiGate-6000, similar to normal FGCP HA. When the failed FortiGate-6000rejoins the cluster, the configured traffic distribution is restored.

For more information about virtual clustering see:

Note

If you don't want active-passive virtual clustering to distribute traffic between FortiGate-6000s, you can configure VDOM partitioning to send traffic for all VDOMs to the primary FortiGate-6000. The result is the same as standard active-passive FCGP HA, all traffic is processed by the primary FortiGate-6000.

Virtual clustering creates a cluster between instances of each VDOM on the two FortiGate-6000s in the virtual cluster. All traffic to and from a given VDOM is sent to one of the FortiGate-6000s where it stays within its VDOM and is only processed by that VDOM. One FortiGate-6000 is the primary FortiGate-6000 for each VDOM and one FortiGate-6000 is the secondary FortiGate-6000 for each VDOM. The primary FortiGate-6000 processes all traffic for its VDOMs. The secondary FortiGate-6000 processes all traffic for its VDOMs.

The HA heartbeat and session synchronization provides the same HA services in a virtual clustering configuration as in a standard HA configuration. One set of HA heartbeat interfaces provides HA heartbeat and session synchronization services for all of the VDOMs in the cluster. You do not have to add a heartbeat interface for each VDOM.

Virtual clustering

FortiGate-6000 supports virtual clustering with two FortiGate-6000s operating in Multi VDOM mode. Virtual clustering is not supported for Split-Task VDOM mode.

A virtual cluster consists of two FortiGate-6000s operating in active-passive HA mode with Multi VDOM mode enabled. Virtual clustering is an extension of FGCP HA that uses VDOM partitioning to send traffic for some VDOMs to the primary FortiGate-6000 and traffic for other VDOMs to the secondary FortiGate-6000. Distributing traffic between the FortiGate-6000s in a virtual cluster is similar to load balancing and can potentially improve overall throughput. You can adjust VDOM partitioning at any time to optimize traffic distribution without interrupting traffic flow.

VDOM partitioning distributes VDOMs between two virtual clusters (virtual cluster 1 and virtual cluster 2). When configuring virtual clustering you would normally set the device priority of virtual cluster 1 higher for the primary FortiGate-6000 and the device priority of virtual cluster 2 higher for the secondary FortiGate-6000. With this configuration, all traffic in the VDOMs in virtual cluster 1 is processed by the primary FortiGate-6000 and all traffic in the VDOMs in virtual cluster 2 is processed by the secondary FortiGate-6000. The FGCP selects the primary and secondary FortiGate-6000 whenever the cluster negotiates. The primary FortiGate-6000 can dynamically change based on FGCP HA primary unit selection criteria.

If a failure occurs and only one FortiGate-6000 continues to operate, all traffic fails over to that FortiGate-6000, similar to normal FGCP HA. When the failed FortiGate-6000rejoins the cluster, the configured traffic distribution is restored.

For more information about virtual clustering see:

Note

If you don't want active-passive virtual clustering to distribute traffic between FortiGate-6000s, you can configure VDOM partitioning to send traffic for all VDOMs to the primary FortiGate-6000. The result is the same as standard active-passive FCGP HA, all traffic is processed by the primary FortiGate-6000.

Virtual clustering creates a cluster between instances of each VDOM on the two FortiGate-6000s in the virtual cluster. All traffic to and from a given VDOM is sent to one of the FortiGate-6000s where it stays within its VDOM and is only processed by that VDOM. One FortiGate-6000 is the primary FortiGate-6000 for each VDOM and one FortiGate-6000 is the secondary FortiGate-6000 for each VDOM. The primary FortiGate-6000 processes all traffic for its VDOMs. The secondary FortiGate-6000 processes all traffic for its VDOMs.

The HA heartbeat and session synchronization provides the same HA services in a virtual clustering configuration as in a standard HA configuration. One set of HA heartbeat interfaces provides HA heartbeat and session synchronization services for all of the VDOMs in the cluster. You do not have to add a heartbeat interface for each VDOM.