HA heartbeat communication between FortiGate-7000s happens over the 10Gbit M1 and M2 interfaces of the FIMs in each chassis. To set up HA heartbeat connections:
- Connect the M1 interfaces of all FIMs together using a switch.
- Connect the M2 interfaces of all FIMs together using another switch.
All of the M1 interfaces must be connected together with a switch and all of the M2 interfaces must be connected together with another switch. Connecting M1 interfaces or M2 interfaces directly is not supported as each FIM needs to communicate with all other FIMs.
Because the FortiGate-7030E only has one FIM, in a FortiGate-7030E HA cluster you can directly connect the M1 and M2 interfaces of each FortiGate-7030E together, without using a switch.
For redundancy, for other FortiGate-7000s, Fortinet recommends using separate switches for the M1 and M2 connections. These switches should be dedicated to HA heartbeat communication and not used for other traffic. You must also configure switches used for HA heartbeat traffic in trunk mode.
If you use the same switch for the M1 and M2 interfaces, separate the M1 and M2 traffic on the switch and set the heartbeat traffic on the M1 and M2 interfaces to have different VLAN IDs.
|Connect the M1 and M2 interfaces before enabling HA. Enabling HA moves heartbeat communication between the FIMs in the same chassis to the M1 and M2 interfaces. So if these interfaces are not connected before you enable HA, FIMs in the same chassis will not be able to communicate with each other.