Fortinet Document Library

Version:

Version:

Version:

Version:


Table of Contents

FortiGate-7000 Handbook

Download PDF
Copy Link

Virtual clustering

FortiGate-7000 supports virtual clustering with two FortiGate-7000s operating in Multi VDOM mode. Virtual clustering is not supported for Split-Task VDOM mode.

A virtual cluster consists of two FortiGates operating in active-passive HA mode with Multi VDOM mode enabled. Virtual clustering is an extension of FGCP HA that uses VDOM partitioning to send traffic for some VDOMs to the primary FortiGate and traffic for other VDOMs to the secondary FortiGate. Distributing traffic between the FortiGates in a virtual cluster is similar to load balancing and can potentially improve overall throughput. You can adjust VDOM partitioning at any time to optimize traffic distribution without interrupting traffic flow.

VDOM partitioning distributes VDOMs between two virtual clusters (virtual cluster 1 and virtual cluster 2). When configuring virtual clustering you would normally set the device priority of virtual cluster 1 higher for the primary FortiGate and the device priority of virtual cluster 2 higher for the secondary FortiGate. With this configuration, all traffic in the VDOMs in virtual cluster 1 is processed by the primary FortiGate and all traffic in the VDOMs in virtual cluster 2 is processed by the secondary FortiGate. The FGCP selects the primary and secondary FortiGates whenever the cluster negotiates. The primary FortiGate can dynamically change based on FGCP HA primary unit selection criteria.

If a failure occurs and only one FortiGate continues to operate, all traffic fails over to that FortiGate, similar to normal FGCP HA. When the failed FortiGate rejoins the cluster, the configured traffic distribution is restored.

For more information about virtual clustering see:

Note

If you don't want active-passive virtual clustering to distribute traffic between FortiGates, you can configure VDOM partitioning to send traffic for all VDOMs to the primary FortiGate. The result is the same as standard active-passive FCGP HA, all traffic is processed by the primary FortiGate.

Virtual clustering creates a cluster between instances of each VDOM on the two FortiGates in the virtual cluster. All traffic to and from a given VDOM is sent to one of the FortiGates where it stays within its VDOM and is only processed by that VDOM. One FortiGate is the primary FortiGate for each VDOM and one FortiGate is the secondary FortiGate for each VDOM. The primary FortiGate processes all traffic for its VDOMs. The secondary FortiGate processes all traffic for its VDOMs.

The HA heartbeat provides the same HA services in a virtual clustering configuration as in a standard HA configuration. One set of HA heartbeat interfaces provides HA heartbeat services for all of the VDOMs in the cluster. You do not have to add a heartbeat interface for each VDOM.

Virtual clustering

FortiGate-7000 supports virtual clustering with two FortiGate-7000s operating in Multi VDOM mode. Virtual clustering is not supported for Split-Task VDOM mode.

A virtual cluster consists of two FortiGates operating in active-passive HA mode with Multi VDOM mode enabled. Virtual clustering is an extension of FGCP HA that uses VDOM partitioning to send traffic for some VDOMs to the primary FortiGate and traffic for other VDOMs to the secondary FortiGate. Distributing traffic between the FortiGates in a virtual cluster is similar to load balancing and can potentially improve overall throughput. You can adjust VDOM partitioning at any time to optimize traffic distribution without interrupting traffic flow.

VDOM partitioning distributes VDOMs between two virtual clusters (virtual cluster 1 and virtual cluster 2). When configuring virtual clustering you would normally set the device priority of virtual cluster 1 higher for the primary FortiGate and the device priority of virtual cluster 2 higher for the secondary FortiGate. With this configuration, all traffic in the VDOMs in virtual cluster 1 is processed by the primary FortiGate and all traffic in the VDOMs in virtual cluster 2 is processed by the secondary FortiGate. The FGCP selects the primary and secondary FortiGates whenever the cluster negotiates. The primary FortiGate can dynamically change based on FGCP HA primary unit selection criteria.

If a failure occurs and only one FortiGate continues to operate, all traffic fails over to that FortiGate, similar to normal FGCP HA. When the failed FortiGate rejoins the cluster, the configured traffic distribution is restored.

For more information about virtual clustering see:

Note

If you don't want active-passive virtual clustering to distribute traffic between FortiGates, you can configure VDOM partitioning to send traffic for all VDOMs to the primary FortiGate. The result is the same as standard active-passive FCGP HA, all traffic is processed by the primary FortiGate.

Virtual clustering creates a cluster between instances of each VDOM on the two FortiGates in the virtual cluster. All traffic to and from a given VDOM is sent to one of the FortiGates where it stays within its VDOM and is only processed by that VDOM. One FortiGate is the primary FortiGate for each VDOM and one FortiGate is the secondary FortiGate for each VDOM. The primary FortiGate processes all traffic for its VDOMs. The secondary FortiGate processes all traffic for its VDOMs.

The HA heartbeat provides the same HA services in a virtual clustering configuration as in a standard HA configuration. One set of HA heartbeat interfaces provides HA heartbeat services for all of the VDOMs in the cluster. You do not have to add a heartbeat interface for each VDOM.