Setting up FortiGate HA
To set up FortiGate HA:
- Go to Compute Engine > VM Instances.
- Note the external IP addresses assigned to nic0 on each FortiGate.
- Connect to the primary FortiGate's external IP address using SSH, then enter the following commands:
    config system ha
        set group-name <choose a group name for the cluster>
        set mode a-p
        set hbdev "port3" 100
        set session-pickup enable
        set session-pickup-connectionless enable
        set ha-mgmt-status enable
        config ha-mgmt-interfaces
            edit 1
                set interface "port4"
                set gateway <ip address of MGMT network intrinsic router>
            next
        end
        set override disable
        set priority 255
        set unicast-hb enable
        set unicast-hb-peerip <ip address of HA interface of secondary FortiGate>
        set unicast-hb-netmask <netmask of HA sync network>
    end
    config system sdn-connector
        edit "gcp_conn"
            set type gcp
            set ha-status enable
            config external-ip
                edit "reserve-fgthapublic"
                next
            end
            config route
                edit "route-internal"
                next
            end
            set use-metadata-iam disable
            set gcp-project "..."
            set service-account "..."
            set private-key "..."
        next
    end
- Connect to the secondary FortiGate's external IP address using SSH, then enter the following commands:
    config system ha
        set group-name <enter the same group name you entered in the primary FortiGate>
        set mode a-p
        set hbdev "port3" 100
        set session-pickup enable
        set session-pickup-connectionless enable
        set ha-mgmt-status enable
        config ha-mgmt-interfaces
            edit 1
                set interface "port4"
                set gateway <ip address of MGMT network intrinsic router>
            next
        end
        set override disable
        set priority 255
        set unicast-hb enable
        set unicast-hb-peerip <ip address of HA interface of primary FortiGate>
        set unicast-hb-netmask <netmask of HA sync network>
    end
- In the GCP console, go to VPC network > Routes.
- Note the name of the default route table created in Creating a GCP route table.
- Go to Compute Engine > VM Instances.
- Note the primary FortiGate's external IP address.
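
The two `config system ha` blocks above must agree on the group name, mode, heartbeat device and netmask, and each `unicast-hb-peerip` must point at the other unit's HA interface. The following Python check is an added example, not part of the original procedure or Fortinet's own tooling; the function names, the group name `example-cluster` and the 10.0.3.x addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample values (not from the page): group name and HA sync IPs.
TEMPLATE = """config system ha
    set group-name {group}
    set mode a-p
    set hbdev "port3" 100
    config ha-mgmt-interfaces
        edit 1
            set interface "port4"
        next
    end
    set unicast-hb enable
    set unicast-hb-peerip {peer}
    set unicast-hb-netmask 255.255.255.0
end"""
PRIMARY_IP, SECONDARY_IP = "10.0.3.2", "10.0.3.3"
PRIMARY = TEMPLATE.format(group="example-cluster", peer=SECONDARY_IP)
SECONDARY = TEMPLATE.format(group="example-cluster", peer=PRIMARY_IP)

def parse_ha(text):
    """Return the top-level 'set' values of one 'config system ha' block."""
    settings, depth = {}, 0
    for line in text.splitlines():
        words = line.split() or [""]
        if words[0] == "config":
            depth += 1          # entering a (possibly nested) config block
        elif words[0] == "end":
            depth -= 1
        elif words[0] == "set" and depth == 1 and len(words) >= 3:
            settings[words[1]] = " ".join(words[2:]).replace('"', "")
    return settings

def check_pair(primary_text, secondary_text, primary_ip, secondary_ip):
    """Return a list of mismatches between the two members' HA settings."""
    pri, sec = parse_ha(primary_text), parse_ha(secondary_text)
    problems = []
    for key in ("group-name", "mode", "hbdev", "unicast-hb", "unicast-hb-netmask"):
        if pri.get(key) != sec.get(key):
            problems.append(f"{key} differs: {pri.get(key)} vs {sec.get(key)}")
    for name, cfg, peer in (("primary", pri, secondary_ip), ("secondary", sec, primary_ip)):
        if cfg.get("unicast-hb-peerip") != peer:
            problems.append(f"{name}: unicast-hb-peerip should be {peer}")
    if (mask := pri.get("unicast-hb-netmask")):
        net = ipaddress.ip_network(f"{primary_ip}/{mask}", strict=False)
        if ipaddress.ip_address(secondary_ip) not in net:
            problems.append("HA interface addresses are not in the same sync network")
    return problems
```

Call `check_pair()` with the HA block text from each unit and the two HA interface addresses; an empty list means the settings are consistent.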