Connecting and verifying cluster operation

Connect the FortiGates together and to your networks as shown in the network diagram at the start of this example. Making these connections disrupts network traffic as you disconnect and re-connect cables.

You must use switches between the cluster and the Internet, between the cluster and the internal networks, and between the cluster and the engineering network as shown in the network diagram. You can use any good quality switches to make these connections. You can use fewer switches for all these connections as long as you configure the switch to separate traffic from different networks.

To make HA heartbeat connections, connect all of the lan4 interfaces to the same switch and all of the lan5 interfaces to another switch.

When you connect the heartbeat interfaces and power on the FortiGates, they find each other and negotiate to form a cluster. The cluster will have the same IP addresses as the primary FortiGate. You can log into the cluster by logging into the primary FortiGate GUI or CLI using one of the original IP addresses of the primary FortiGate.

Check the cluster synchronization status to make sure the primary and backup FortiGates both have the same configuration. Log into the primary FortiGate CLI and enter this command:

diagnose sys ha checksum cluster

The command output lists all cluster members' configuration checksums. If both cluster members have identical checksums, you can be sure that their configurations are synchronized. If the checksums are different, wait a short while and enter the command again. Repeat until the checksums are identical. It may take a while for some parts of the configuration to be synchronized. If the checksums never become identical, you can use the information in Synchronizing the configuration to troubleshoot the problem or visit the Fortinet Support website for assistance.
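The comparison described above can be scripted against saved command output. The following Python is an added example, not part of the Fortinet documentation; the output layout it parses and the member names FGT-MEMBER-A and FGT-MEMBER-B are assumptions, and the sample text is constructed.

```python
import re

# Constructed sample output. The layout (member banner, "debugzone" and
# "checksum" sections, one "scope: hex bytes" line each) is an assumption.
SAMPLE = """\
================== FGT-MEMBER-A ==================
debugzone
global: a1 b2 c3 d4
root: 10 20 30 40
all: 0a 0b 0c 0d
checksum
global: a1 b2 c3 d4
root: 10 20 30 40
all: 0a 0b 0c 0d
================== FGT-MEMBER-B ==================
debugzone
global: a1 b2 c3 d4
root: 10 20 30 41
all: 0a 0b 0c 0e
checksum
global: a1 b2 c3 d4
root: 10 20 30 41
all: 0a 0b 0c 0e
"""

def parse_checksums(text):
    """Return {member: {(section, scope): checksum_hex}}."""
    members, member, section = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        banner = re.fullmatch(r"=+\s*(\S+)\s*=+", line)
        if banner:
            member, section = banner.group(1), None
            members[member] = {}
        elif line in ("debugzone", "checksum"):
            section = line
        elif member and section and re.fullmatch(r"[\w.-]+:(\s+[0-9a-fA-F]{2})+", line):
            scope, value = line.split(":", 1)
            members[member][(section, scope)] = value.replace(" ", "").lower()
    return members

def out_of_sync(members):
    """Return sorted (section, scope) keys that are not identical on every member."""
    if len(members) < 2:
        raise ValueError("need at least two cluster members to compare")
    keys = {k for m in members.values() for k in m}
    return sorted(k for k in keys if len({m.get(k) for m in members.values()}) > 1)

print("out of sync:", out_of_sync(parse_checksums(SAMPLE)))
```

An empty list means every scope matches on all members; a scope missing from one member is reported as out of sync.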

You can also use the get system ha status command to display detailed information about the cluster. For details about this command, see Viewing cluster status from the CLI.

The HA Status dashboard widget also shows synchronization status. Hover over the host names of each FortiGate in the widget to verify that they are synchronized and both have the same checksum.
