GCP Administration Guide

Configuring FortiGate clustering

Note

Currently, you must configure FortiGate Clustering Protocol (FGCP) unicast clustering in the FortiOS CLI.

To configure FortiGate clustering:
  1. Log in to the primary FortiGate.
  2. In the CLI console, configure high availability:

    config system ha
        set group-name "ha"
        set mode a-p
        set hbdev "port3" 50
        set session-pickup enable
        set ha-mgmt-status enable
        config ha-mgmt-interfaces
            edit 1
                set interface "port3"
                set gateway SUBNET_GW
            next
        end
        set override disable
        set priority 10
        set unicast-hb enable
        set unicast-hb-peerip PEER_IP
        set unicast-hb-netmask SUBNET_NETMASK_LONG
    end

    Replace the placeholders with the values for your deployment:

    | Placeholder | Value |
    |---|---|
    | SUBNET_GW | Gateway address (first IP address) for the heartbeat subnet. |
    | PEER_IP | Secondary FortiGate internal IP address. |
    | SUBNET_NETMASK_LONG | Heartbeat subnet mask in quad notation. For example, you could enter 255.255.255.0. |

  3. Repeat the same configuration on the secondary FortiGate, configuring the primary FortiGate internal IP address for PEER_IP and setting the priority to 5.
  4. If the cluster does not form and the FortiGates cannot connect to each other, ensure that the VPC network has a firewall rule allowing communication between the FortiGate peers on the heartbeat network.

Note

From this point, you should manage your FortiGate instances using the addresses associated with port3. The secondary FortiGate does not respond to requests on port1 when in passive mode.
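
The following script is an added example, not part of the Fortinet guide. It derives the three placeholder values from the heartbeat subnet and renders the HA block for both members, rejecting peer addresses that fall outside the subnet or on a reserved address. The function names, the sample addresses, and the reading of "first IP address" as network address + 1 are assumptions.

```python
import ipaddress

# The HA block from this page; only the three placeholders and priority vary.
HA_TEMPLATE = """config system ha
    set group-name "ha"
    set mode a-p
    set hbdev "port3" 50
    set session-pickup enable
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "port3"
            set gateway {SUBNET_GW}
        next
    end
    set override disable
    set priority {priority}
    set unicast-hb enable
    set unicast-hb-peerip {PEER_IP}
    set unicast-hb-netmask {SUBNET_NETMASK_LONG}
end"""

def ha_params(heartbeat_cidr, local_ip, peer_ip):
    """Derive and sanity-check the placeholder values for one cluster member."""
    net = ipaddress.ip_network(heartbeat_cidr)  # raises if host bits are set
    if net.num_addresses < 4:
        raise ValueError(f"{net} is too small to hold a gateway and two peers")
    gateway = net.network_address + 1  # assumption: "first IP address" = network + 1
    local, peer = ipaddress.ip_address(local_ip), ipaddress.ip_address(peer_ip)
    if local == peer:
        raise ValueError("PEER_IP must be the other member's address, not the local one")
    for ip in (local, peer):
        if ip not in net:
            raise ValueError(f"{ip} is outside heartbeat subnet {net}")
        if ip in (net.network_address, gateway, net.broadcast_address):
            raise ValueError(f"{ip} is a reserved address in {net}")
    return {"SUBNET_GW": str(gateway), "PEER_IP": str(peer),
            "SUBNET_NETMASK_LONG": str(net.netmask)}

def render_pair(heartbeat_cidr, primary_ip, secondary_ip):
    """Render both members: each points at the other; priorities are 10 and 5."""
    members = {"primary": (primary_ip, secondary_ip, 10),
               "secondary": (secondary_ip, primary_ip, 5)}
    return {role: HA_TEMPLATE.format(priority=prio, **ha_params(heartbeat_cidr, me, other))
            for role, (me, other, prio) in members.items()}

if __name__ == "__main__":
    # Constructed sample addresses, not values from the page.
    for role, cfg in render_pair("10.0.3.0/24", "10.0.3.2", "10.0.3.3").items():
        print(f"# {role}\n{cfg}\n")
```

A peer address that fails these checks is a common reason the heartbeat never comes up, so it is worth ruling out before investigating the VPC firewall rule in step 4.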
