- Ensure the backup FortiGate is running the same version firmware as the primary FortiGate.
- If this is a new FortiGate that has never been used, you can skip this step.
Reset the backup FortiGate to factory default settings using the following CLI command:
If the FortiGates in the cluster will run FortiOS Carrier, apply the FortiOS Carrier license before you apply other licenses and before you configure the cluster. When you apply the FortiOS Carrier license, the FortiGate resets its configuration to factory defaults, requiring you to repeat steps performed before applying the license.
- On the backup FortiGate, go to System > Settings and change the Host name to identify this as the backup FortiGate.
- Go to System > HA and duplicate the HA configuration of the primary FortiGate (except for Device priority).
Set Mode to Active-Passive.
Set the Device Priority to a lower value than the default to ensure this FortiGate is always the backup FortiGate.
Set the same Group name and Password as the primary FortiGate.
Check that the same two Heartbeat interfaces (port3 and port4) are selected and the Heartbeat Interface Priority for each is set to 50.
- If you changed the cluster group ID of the primary FortiGate, change the cluster group ID for the backup FortiGate to match it, using this CLI command:
config system ha
set group-id 25
When you save the HA configuration of the backup FortiGate, if the heartbeat interfaces are connected, the FortiGates will find each other and form an HA cluster. Network traffic might be disrupted when the cluster negotiates the connection.