Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • GCP Administration Guide

    Home FortiGate Public Cloud 7.6.0 GCP Administration Guide
    7.6.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Configuring FortiGate clustering

    Configuring FortiGate clustering

    Note

    Currently you must configure FortiGate clustering protocol unicast clustering in the FortiOS CLI.
    To configure FortiGate clustering:
    1. Log in to the primary FortiGate.
    2. In the CLI console, configure high availability: 
      config system ha
    set group-name "ha"
    set mode a-p
    set hbdev "port3" 50 
    set session-pickup enable
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "port3"
            set gateway SUBNET_GW
        next
    end
    set override disable
    set priority 10
    set unicast-hb enable
    set unicast-hb-peerip PEER_IP
    set unicast-hb-netmask SUBNET_NETMASK_LONG
end

      Replace the placeholders with the values for your deployment:

      Placeholder

      Value

      SUBNET_GW

      Gateway address (first IP address) for the heartbeat subnet.

      PEER_IP

      Secondary FortiGate internal IP address.

      SUBNET_NETMASK_LONG

      Heartbeat subnet mask in quad notation. For example, you could enter 255.255.255.0.

    3. Repeat the same configuration on the secondary FortiGate, configuring the primary FortiGate internal IP address for PEER_IP and setting the priority to 5.
    4. If the cluster is not built and FortiGates cannot connect to each other, ensure that the VPC network has a firewall rule allowing communication between FortiGate peers on the heartbeat network.
    Note

    From this point, you should manage your FortiGate instances using the addresses associated with port3. The secondary FortiGate does not respond to requests on port1 when in passive mode.
    Previous
    Next

    Configuring FortiGate clustering

    Configuring FortiGate clustering

    Note

    Currently you must configure FortiGate clustering protocol unicast clustering in the FortiOS CLI.
    To configure FortiGate clustering:
    1. Log in to the primary FortiGate.
    2. In the CLI console, configure high availability: 
      config system ha
    set group-name "ha"
    set mode a-p
    set hbdev "port3" 50 
    set session-pickup enable
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "port3"
            set gateway SUBNET_GW
        next
    end
    set override disable
    set priority 10
    set unicast-hb enable
    set unicast-hb-peerip PEER_IP
    set unicast-hb-netmask SUBNET_NETMASK_LONG
end

      Replace the placeholders with the values for your deployment:

      Placeholder

      Value

      SUBNET_GW

      Gateway address (first IP address) for the heartbeat subnet.

      PEER_IP

      Secondary FortiGate internal IP address.

      SUBNET_NETMASK_LONG

      Heartbeat subnet mask in quad notation. For example, you could enter 255.255.255.0.

    3. Repeat the same configuration on the secondary FortiGate, configuring the primary FortiGate internal IP address for PEER_IP and setting the priority to 5.
    4. If the cluster is not built and FortiGates cannot connect to each other, ensure that the VPC network has a firewall rule allowing communication between FortiGate peers on the heartbeat network.
    Note

    From this point, you should manage your FortiGate instances using the addresses associated with port3. The secondary FortiGate does not respond to requests on port1 when in passive mode.
    Previous
    Next