Fortinet black logo

Cookbook

Preparing the FortiGates

Copy Link
Copy Doc ID a4a06ec3-12a7-11e9-b86b-00505692583a:513562
Download PDF

Preparing the FortiGates

  1. If required, upgrade the firmware running on the FortiGates. All of the FortiGates should be running the same version of FortiOS.
  2. On each FortiGate, enter the following command to reset them factory default settings.

    execute factoryreset

    You can skip this step if the FortiGates are fresh from the factory. But if their configurations have changed at all, it's a best practice to reset them to factory defaults to reduce the chance of synchronization problems.

    In some cases, after resetting to factory defaults you may want to make some initial configuration changes to connect the FortiGates to the network or for other reasons. To write this recipe, the lan switch on the FortiGate-51Es was converted to separate lan1 to lan5 interfaces.

  3. Change the primary FortiGate Host name to identify it as the primary FortiGate by going to System > Settings.
  4. Change the backup FortiGate Host name to identify it as Backup-1 by going to System > Settings.
  5. Change the third FortiGate Host name to identify it as Backup-2 by going to System > Settings.
  6. Change the fourth FortiGate Host name to identify it as Backup-3 by going to System > Settings.
  7. You can also use the CLI to change the host name. From the Primary FortiGate:

    config system global

    set hostname Primary

    end

    From the Backup-1 FortiGate:

    config system global

    set hostname Backup-1

    end

    From the Backup-2 FortiGate:

    config system global

    set hostname Backup-2

    end

    From the Backup-3 FortiGate:

    config system global

    set hostname Backup-3

    end

  8. Register and apply licenses to the FortiGates before configuring the cluster. This includes licensing for FortiCare Support, IPS, AntiVirus, Web Filtering, Mobile Malware, FortiClient, FortiCloud, Security Rating, Outbreak Prevention, and additional virtual domains (VDOMs).

    All FortiGates in the cluster must have the same level of licensing for FortiGuard, FortiCloud, FortiClient, and VDOMs. You can add FortiToken licenses at any time because they're synchronized to all cluster members.

    Note

    If the FortiGates in the cluster will run FortiOS Carrier, apply the FortiOS Carrier license before you configure the cluster (and before applying other licenses). When you applying the FortiOS Carrier license the FortiGate resets its configuration to factory defaults, requiring you to repeat steps performed before applying the license.

Preparing the FortiGates

  1. If required, upgrade the firmware running on the FortiGates. All of the FortiGates should be running the same version of FortiOS.
  2. On each FortiGate, enter the following command to reset them factory default settings.

    execute factoryreset

    You can skip this step if the FortiGates are fresh from the factory. But if their configurations have changed at all, it's a best practice to reset them to factory defaults to reduce the chance of synchronization problems.

    In some cases, after resetting to factory defaults you may want to make some initial configuration changes to connect the FortiGates to the network or for other reasons. To write this recipe, the lan switch on the FortiGate-51Es was converted to separate lan1 to lan5 interfaces.

  3. Change the primary FortiGate Host name to identify it as the primary FortiGate by going to System > Settings.
  4. Change the backup FortiGate Host name to identify it as Backup-1 by going to System > Settings.
  5. Change the third FortiGate Host name to identify it as Backup-2 by going to System > Settings.
  6. Change the fourth FortiGate Host name to identify it as Backup-3 by going to System > Settings.
  7. You can also use the CLI to change the host name. From the Primary FortiGate:

    config system global

    set hostname Primary

    end

    From the Backup-1 FortiGate:

    config system global

    set hostname Backup-1

    end

    From the Backup-2 FortiGate:

    config system global

    set hostname Backup-2

    end

    From the Backup-3 FortiGate:

    config system global

    set hostname Backup-3

    end

  8. Register and apply licenses to the FortiGates before configuring the cluster. This includes licensing for FortiCare Support, IPS, AntiVirus, Web Filtering, Mobile Malware, FortiClient, FortiCloud, Security Rating, Outbreak Prevention, and additional virtual domains (VDOMs).

    All FortiGates in the cluster must have the same level of licensing for FortiGuard, FortiCloud, FortiClient, and VDOMs. You can add FortiToken licenses at any time because they're synchronized to all cluster members.

    Note

    If the FortiGates in the cluster will run FortiOS Carrier, apply the FortiOS Carrier license before you configure the cluster (and before applying other licenses). When you applying the FortiOS Carrier license the FortiGate resets its configuration to factory defaults, requiring you to repeat steps performed before applying the license.