Fortinet black logo

FortiGate-7000F Handbook

Before you begin configuring HA

Copy Link
Copy Doc ID fd130345-bc33-11ec-9fd1-fa163e15d75b:535607
Download PDF

Before you begin configuring HA

Before you begin:

  • The FortiGate-7000Fs must be running the same FortiOS firmware version.
  • The FortiGate-7000Fs must be in the same VDOM mode (Multi VDOM or Split-Task VDOM mode).
  • To successfully form an FGCP HA cluster, both FortiGate-7000Fs must be operating in the same VDOM mode (Multi or Split-Task). You should change both FortiGate-7000Fs to the VDOM mode that you want them to operate in before configuring HA. To change the VDOM mode of an operating cluster, you need remove the backup FortiGate-7000F from the cluster, switch both FortiGate-7000Fs to the other VDOM mode and then re-form the cluster. This process will cause traffic interruptions.

  • Interfaces should be configured with static IP addresses (not DHCP or PPPoE).
  • Register and apply licenses to each FortiGate-7000F before setting up the HA cluster. This includes licensing for FortiCare, IPS, AntiVirus, Web Filtering, Mobile Malware, FortiClient, FortiCloud, and additional virtual domains (VDOMs).
  • Both FortiGate-7000Fs in the cluster must have the same level of licensing for FortiGuard, FortiCloud, FortiClient, and VDOMs.
  • FortiToken licenses can be added at any time because they are synchronized to all cluster members.
  • Both FIMs in both FortiGate-7000Fs in a cluster must have the same log disk and RAID configuration. Use the execute disk list command to confirm the log disk configuration of each FIM in each FortiGate-7000F.

Changing the interfaces configuration before configuring HA

You should configure split interfaces or change interfaces types on both FortiGate-7000Fs before forming an FGCP HA cluster. If you decide to change the split interfaces or interface type configuration after forming a cluster, you need to remove the backup FortiGate-7000F from the cluster and change interface configuration on both FortiGate-7000Fs separately. After the FortiGate-7000Fs restart, you can re-form the cluster. This process will cause traffic interruptions.

For information about splitting interfaces and change interface types, see Changing the FIM-7921F 1 to 8, M1, and M2 interfaces.

After changing the interface configurations, check each FortiGate-7000F, make sure configurations of the FIMs and FPMs are synchronized before starting to configure HA. See Confirming that the FortiGate-7000F HA cluster is synchronized .

Before you begin configuring HA

Before you begin:

  • The FortiGate-7000Fs must be running the same FortiOS firmware version.
  • The FortiGate-7000Fs must be in the same VDOM mode (Multi VDOM or Split-Task VDOM mode).
  • To successfully form an FGCP HA cluster, both FortiGate-7000Fs must be operating in the same VDOM mode (Multi or Split-Task). You should change both FortiGate-7000Fs to the VDOM mode that you want them to operate in before configuring HA. To change the VDOM mode of an operating cluster, you need remove the backup FortiGate-7000F from the cluster, switch both FortiGate-7000Fs to the other VDOM mode and then re-form the cluster. This process will cause traffic interruptions.

  • Interfaces should be configured with static IP addresses (not DHCP or PPPoE).
  • Register and apply licenses to each FortiGate-7000F before setting up the HA cluster. This includes licensing for FortiCare, IPS, AntiVirus, Web Filtering, Mobile Malware, FortiClient, FortiCloud, and additional virtual domains (VDOMs).
  • Both FortiGate-7000Fs in the cluster must have the same level of licensing for FortiGuard, FortiCloud, FortiClient, and VDOMs.
  • FortiToken licenses can be added at any time because they are synchronized to all cluster members.
  • Both FIMs in both FortiGate-7000Fs in a cluster must have the same log disk and RAID configuration. Use the execute disk list command to confirm the log disk configuration of each FIM in each FortiGate-7000F.

Changing the interfaces configuration before configuring HA

You should configure split interfaces or change interfaces types on both FortiGate-7000Fs before forming an FGCP HA cluster. If you decide to change the split interfaces or interface type configuration after forming a cluster, you need to remove the backup FortiGate-7000F from the cluster and change interface configuration on both FortiGate-7000Fs separately. After the FortiGate-7000Fs restart, you can re-form the cluster. This process will cause traffic interruptions.

For information about splitting interfaces and change interface types, see Changing the FIM-7921F 1 to 8, M1, and M2 interfaces.

After changing the interface configurations, check each FortiGate-7000F, make sure configurations of the FIMs and FPMs are synchronized before starting to configure HA. See Confirming that the FortiGate-7000F HA cluster is synchronized .