Fortinet white logo
Fortinet white logo

OCI Administration Guide

Configuring active-passive HA

Configuring active-passive HA

This step shows you how to configure A-P HA settings by using CLI commands on the GUI or via SSH.

In the commands, note the following:

  • Port4 is the hbdev port used for heartbeat connection.
  • For the management interface, you must use port 1, as OCI allows only port 1 for metadata access.
  • When setting priority on FortiGate B, set the priority to 100 (lower than FortiGate A's priority level). The node with the lower priority level is determined as the secondary node.
  • When setting the unicast heartbeat peer IP address (the last command), this is the IP address on the peer, which in the example is FortiGate B, which has port4 IP address 10.0.10.4 in the example. When setting FortiGate B's configuration, specify FortiGate A's port4 IP address, which is 10.0.10.3.

The following is the primary FortiGate configuration:

config system ha

set group-id 30

set group-name "ha-cluster"

set mode a-p

set hbdev "port4" 50

set session-pickup enable

set session-pickup-connectionless enable

set ha-mgmt-status enable

config ha-mgmt-interfaces

edit 1

set interface "port1"

set gateway 10.0.0.1

next

end

set override disable

set priority 200

set unicast-hb enable

set unicast-hb-peerip 10.0.10.4

end

Once configuration is complete, exit the CLI or SSH session.

The following is the secondary FortiGate configuration:

config system ha

set group-id 30

set group-name "ha-cluster"

set mode a-p

set hbdev "port4" 50

set session-pickup enable

set session-pickup-connectionless enable

set ha-mgmt-status enable

config ha-mgmt-interfaces

edit 1

set interface "port1"

set gateway 10.0.0.1

next

end

set override disable

set priority 100

set unicast-hb enable

set unicast-hb-peerip 10.0.10.3

end

Configuring active-passive HA

Configuring active-passive HA

This step shows you how to configure A-P HA settings by using CLI commands on the GUI or via SSH.

In the commands, note the following:

  • Port4 is the hbdev port used for heartbeat connection.
  • For the management interface, you must use port 1, as OCI allows only port 1 for metadata access.
  • When setting priority on FortiGate B, set the priority to 100 (lower than FortiGate A's priority level). The node with the lower priority level is determined as the secondary node.
  • When setting the unicast heartbeat peer IP address (the last command), this is the IP address on the peer, which in the example is FortiGate B, which has port4 IP address 10.0.10.4 in the example. When setting FortiGate B's configuration, specify FortiGate A's port4 IP address, which is 10.0.10.3.

The following is the primary FortiGate configuration:

config system ha

set group-id 30

set group-name "ha-cluster"

set mode a-p

set hbdev "port4" 50

set session-pickup enable

set session-pickup-connectionless enable

set ha-mgmt-status enable

config ha-mgmt-interfaces

edit 1

set interface "port1"

set gateway 10.0.0.1

next

end

set override disable

set priority 200

set unicast-hb enable

set unicast-hb-peerip 10.0.10.4

end

Once configuration is complete, exit the CLI or SSH session.

The following is the secondary FortiGate configuration:

config system ha

set group-id 30

set group-name "ha-cluster"

set mode a-p

set hbdev "port4" 50

set session-pickup enable

set session-pickup-connectionless enable

set ha-mgmt-status enable

config ha-mgmt-interfaces

edit 1

set interface "port1"

set gateway 10.0.0.1

next

end

set override disable

set priority 100

set unicast-hb enable

set unicast-hb-peerip 10.0.10.3

end