Fortinet Document Library

Version:

Version:

Version:

Version:


Table of Contents

FortiGate-7000 Handbook

Download PDF
Copy Link

Limitations of FortiGate-7000 virtual clustering

FortiGate-6000 virtual clustering includes the following limitations:

  • Virtual clustering supports two FortiGates only.
  • Active-passive HA mode is supported, active-active HA is not.
  • The root and mgmt-vdom VDOMs must be in virtual cluster 1 (also called the primary virtual cluster).
  • A VLAN must be in the same virtual cluster as the physical interface or LAG that the VLAN has been added to. The VLAN can be in the same VDOM as its physical interface or LAG or in a different VDOM, as long as both VDOMs are in the same virtual cluster.

  • The interfaces that are created when you add an inter-VDOM link must be in the same virtual cluster as the inter-VDOM link. You can change the virtual cluster that an inter-VDOM link is in by editing the inter-VDOM link and changing the vcluster setting.
  • Using HA reserved management interfaces to manage individual cluster units is not supported. You can use In-band management to manage and monitor VDOMs in virtual cluster 2 by enabling management access for one or more data interfaces in the VDOMs in virtual cluster 2 and then logging into the GUI or CLI using these interfaces. See Using data interfaces for management traffic.

    You can also use special management port numbers to connect to the secondary chassis FortiGate-7000 primary FIM (see HA mode special management port numbers).

Limitations of FortiGate-7000 virtual clustering

FortiGate-6000 virtual clustering includes the following limitations:

  • Virtual clustering supports two FortiGates only.
  • Active-passive HA mode is supported, active-active HA is not.
  • The root and mgmt-vdom VDOMs must be in virtual cluster 1 (also called the primary virtual cluster).
  • A VLAN must be in the same virtual cluster as the physical interface or LAG that the VLAN has been added to. The VLAN can be in the same VDOM as its physical interface or LAG or in a different VDOM, as long as both VDOMs are in the same virtual cluster.

  • The interfaces that are created when you add an inter-VDOM link must be in the same virtual cluster as the inter-VDOM link. You can change the virtual cluster that an inter-VDOM link is in by editing the inter-VDOM link and changing the vcluster setting.
  • Using HA reserved management interfaces to manage individual cluster units is not supported. You can use In-band management to manage and monitor VDOMs in virtual cluster 2 by enabling management access for one or more data interfaces in the VDOMs in virtual cluster 2 and then logging into the GUI or CLI using these interfaces. See Using data interfaces for management traffic.

    You can also use special management port numbers to connect to the secondary chassis FortiGate-7000 primary FIM (see HA mode special management port numbers).