Before you begin:
- The FortiGate-7000Fs must be running the same FortiOS firmware version.
- The FortiGate-7000Fs must be in the same VDOM mode (Multi VDOM or Split-Task VDOM mode).
To successfully form an FGCP HA cluster, both FortiGate-7000Fs must be operating in the same VDOM mode (Multi or Split-Task). You should change both FortiGate-7000Fs to the VDOM mode that you want them to operate in before configuring HA. To change the VDOM mode of an operating cluster, you need remove the backup FortiGate-7000F from the cluster, switch both FortiGate-7000Fs to the other VDOM mode and then re-form the cluster. This process will cause traffic interruptions.
- Interfaces should be configured with static IP addresses (not DHCP or PPPoE).
- Register and apply licenses to each FortiGate-7000F before setting up the HA cluster. This includes licensing for FortiCare, IPS, AntiVirus, Web Filtering, Mobile Malware, FortiClient, FortiCloud, and additional virtual domains (VDOMs).
- Both FortiGate-7000Fs in the cluster must have the same level of licensing for FortiGuard, FortiCloud, FortiClient, and VDOMs.
- FortiToken licenses can be added at any time because they are synchronized to all cluster members.
Both FIMs in both FortiGate-7000Fs in a cluster must have the same log disk and RAID configuration. Use the
execute disk listcommand to confirm the log disk configuration of each FIM in each FortiGate-7000F.
You should configure split interfaces or change interfaces types on both FortiGate-7000Fs before forming an FGCP HA cluster. If you decide to change the split interfaces or interface type configuration after forming a cluster, you need to remove the backup FortiGate-7000F from the cluster and change interface configuration on both FortiGate-7000Fs separately. After the FortiGate-7000Fs restart, you can re-form the cluster. This process will cause traffic interruptions.
For information about splitting interfaces and change interface types, see Changing the FIM-7921F 1 to 8, M1, and M2 interfaces.
After changing the interface configurations, check each FortiGate-7000F, make sure configurations of the FIMs and FPMs are synchronized before starting to configure HA. See Confirming that the FortiGate-7000F HA cluster is synchronized .