FGCP Virtual Clustering with two FortiGates (expert)


This example describes how to set up a FortiGate Clustering Protocol (FGCP) virtual clustering configuration with two FortiGates to provide redundancy and failover protection for two networks. The FortiGate configuration includes two VDOMs. The root VDOM handles internal network traffic and the engineering VDOM handles engineering network traffic. This example shows a simple two-VDOM configuration. The same principles apply to a virtual cluster with more VDOMs.

In this virtual cluster configuration, the primary FortiGate processes all internal network traffic and the backup FortiGate processes all engineering network traffic. Virtual clustering enables override and uses device priorities to distribute traffic between the primary and backup FortiGates. For details, see Configuring virtual clustering.

This example uses two FortiGate-51Es. FortiGate-51Es have a 5-port switch LAN interface. Before configuring HA, the LAN interface was converted to five separate interfaces (lan1 to lan5).

Caution

Before adding the management VDOM to virtual cluster 2, ensure you have added all the backup FortiGates and they have joined the cluster; otherwise the configuration of the primary FortiGate might be overwritten by the backup FortiGate.

Before you start, ensure the FortiGates are running the same FortiOS firmware version and their interfaces are not configured to get addresses from DHCP or PPPoE.

Note

The FGCP does not support using a switch interface for the HA heartbeat. As an alternative to using the lan4 and lan5 interfaces as described in this example, you can use the wan1 and wan2 interfaces for the HA heartbeat.

For an example of how to configure virtual clustering by converting a FortiGate with VDOMs to HA mode and then adding another FortiGate to form a cluster, see High availability with FGCP (expert).
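
A preflight check for two of the prerequisites above (no interface addressed by DHCP or PPPoE, no switch interface used for the HA heartbeat), as an added example that is not part of Fortinet's documentation. The configuration fragment is constructed, the names `parse`, `preflight` and `SAMPLE_CONFIG` are hypothetical, and treating the interface types `hard-switch` and `switch` as switch interfaces is an assumption.

```python
import shlex

# Constructed sample: fragment of a configuration backup, not taken from the page.
SAMPLE_CONFIG = '''
config system interface
    edit "wan1"
        set mode dhcp
    next
    edit "lan"
        set type hard-switch
    next
    edit "lan4"
    next
end
config system ha
    set hbdev "lan" 50 "lan4" 50
end
'''

# Assumption: these interface types count as a "switch interface".
SWITCH_TYPES = {"hard-switch", "switch"}

def parse(text):
    """Return ({interface: {setting: [values]}}, [heartbeat interface names])."""
    ifaces, hbdev, stack, current = {}, [], [], None
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))   # track nesting so sub-blocks are skipped
        elif tok[0] == "end" and stack:
            stack.pop()
        elif stack == ["system interface"] and tok[0] == "edit":
            current = ifaces.setdefault(tok[1], {})
        elif stack == ["system interface"] and tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]
        elif stack == ["system ha"] and tok[:2] == ["set", "hbdev"]:
            hbdev = tok[2::2]  # value is name/priority pairs; keep the names
    return ifaces, hbdev

def preflight(text):
    """List violations of the prerequisites stated above; empty means none found."""
    ifaces, hbdev = parse(text)
    problems = [f"{n}: addressing mode is {c['mode'][0]}" for n, c in ifaces.items()
                if c.get("mode", ["static"])[0] in ("dhcp", "pppoe")]
    problems += [f"{n}: switch interface used for HA heartbeat" for n in hbdev
                 if ifaces.get(n, {}).get("type", [""])[0] in SWITCH_TYPES]
    return problems
```

Run `preflight()` on the configuration of each FortiGate before enabling HA. It does not compare firmware versions, which still has to be confirmed on both units.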
