Preparing the FortiGates
- If required, upgrade the firmware running on the FortiGates. Both FortiGates should be running the same version of FortiOS.
- On each FortiGate, enter the following command to reset them factory default settings.
execute factoryreset
- Change the primary FortiGate Host name to identify it as the primary FortiGate by going to System > Settings.
- Change the backup FortiGate Host name to identify it as the backup FortiGate by going to System > Settings.
- Register and apply licenses to the FortiGates before configuring the cluster. This includes licensing for FortiCare Support, IPS, AntiVirus, Web Filtering, Mobile Malware, FortiClient, FortiCloud, Security Rating, Outbreak Prevention, and additional virtual domains (VDOMs).
Both FortiGates in the cluster must have the same level of licensing for FortiGuard, FortiCloud, FortiClient, and VDOMs. You can add FortiToken licenses at any time because they're synchronized to all cluster members.
If the FortiGates in the cluster will run FortiOS Carrier, apply the FortiOS Carrier license before you configure the cluster (and before applying other licenses). When you applying the FortiOS Carrier license the FortiGate resets its configuration to factory defaults, requiring you to repeat steps performed before applying the license.
You can skip this step if the FortiGates are fresh from the factory. But if their configurations have changed at all, it's a best practice to reset them to factory defaults to reduce the chance of synchronization problems.
In some cases, after resetting to factory defaults you may want to make some initial configuration changes to connect the FortiGates to the network or for other reasons. To write this recipe, the lan switch on the FortiGate-51Es was converted to separate lan1 to lan5 interfaces.
You can also use the CLI to change the host name. From the Primary FortiGate:
config system global
set hostname Primary
end
From the Backup-1 FortiGate:
config system global
set hostname Backup
end