Fortinet black logo

Cookbook

Connecting the primary and backup FortiGates

Copy Link
Copy Doc ID 4d801240-7ccc-11e9-81a4-00505692583a:162663
Download PDF

Connecting the primary and backup FortiGates

Connect the backup FortiGate to the primary FortiGate and to the network as shown in the network diagram at the start of this example. Making these connections disrupts network traffic as you disconnect and reconnect cables.

You must use switches between the cluster and the Internet, and between the cluster and the internal networks, as shown in the network diagram. You can use any good quality switches to make these connections. You can also use one switch for all these connections as long as you configure the switch to separate traffic from different networks.

This example shows the recommended configuration of direct connections between the port3 heartbeat interfaces and between the port4 heartbeat interfaces. A best practice is to use interfaces that don't process traffic but this is not a requirement.

When you connect the heartbeat interfaces and power on the FortiGates, they find each other and negotiate to form a cluster. The primary FortiGate synchronizes its configuration to the backup FortiGate. The cluster forms automatically with minimal or no additional disruption to network traffic.

The cluster has the same IP addresses as the primary FortiGate. You can log into the cluster by logging into the primary FortiGate CLI or GUI using one of the original IP addresses of the primary FortiGate.

Connecting the primary and backup FortiGates

Connect the backup FortiGate to the primary FortiGate and to the network as shown in the network diagram at the start of this example. Making these connections disrupts network traffic as you disconnect and reconnect cables.

You must use switches between the cluster and the Internet, and between the cluster and the internal networks, as shown in the network diagram. You can use any good quality switches to make these connections. You can also use one switch for all these connections as long as you configure the switch to separate traffic from different networks.

This example shows the recommended configuration of direct connections between the port3 heartbeat interfaces and between the port4 heartbeat interfaces. A best practice is to use interfaces that don't process traffic but this is not a requirement.

When you connect the heartbeat interfaces and power on the FortiGates, they find each other and negotiate to form a cluster. The primary FortiGate synchronizes its configuration to the backup FortiGate. The cluster forms automatically with minimal or no additional disruption to network traffic.

The cluster has the same IP addresses as the primary FortiGate. You can log into the cluster by logging into the primary FortiGate CLI or GUI using one of the original IP addresses of the primary FortiGate.