High availability with FGCP (expert)
This example describes how to enhance the reliability of a network protected by a FortiGate by adding a second FortiGate and setting up a FortiGate Clustering Protocol (FGCP) high availability (HA) cluster.
First, configure the FortiGate already on the network to become the primary FortiGate by:
- Licensing the FortiGate if required.
- Enabling HA.
- Increasing its device priority.
- Enabling override.
Then prepare the new FortiGate by:
- Setting it to factory defaults to reset any configuration changes.
- Licensing the FortiGate if required.
- Enabling HA without changing the device priority and without enabling override.
- Connecting it to the FortiGate already on the network.
The new FortiGate becomes the backup FortiGate and its configuration is overwritten by the primary FortiGate.
This example describes best practices for configuring HA and includes extra steps that are not required for a basic HA setup. For an example of setting up a basic HA, see High availability with two FortiGates.
Before you start, ensure the FortiGates are running the same FortiOS firmware version and their interfaces are not configured to get addresses from DHCP or PPPoE.
The FGCP does not support using a switch interface for the HA heartbeat. As an alternative to using the lan4 and lan5 interfaces as described in this example, you can use the wan1 and wan2 interfaces for the HA heartbeat. |