Recommended interface use for an FGCP HA hyperscale firewall cluster
When setting up an FGCP HA cluster of two FortiGates operating as hyperscale firewalls, you need to select interfaces to use for some or all of the following features:
- Management.
- HA heartbeat (also called HA CPU heartbeat).
- HA session synchronization (also called HA CPU session synchronization).
- HA hardware session synchronization.
- Hardware logging.
- CPU logging.
- Logging to FortiAnalyzer.
The following table contains Fortinet's recommendations for the FortiGate interfaces to use to support these features.

| Interfaces | Recommended for |
|---|---|
| MGMT1 and MGMT2 | Normal management communication with the FortiGates in the cluster. |
| HA1 and HA2 | HA heartbeat (also called HA CPU heartbeat) between the FortiGates in the cluster. |
| AUX1 and AUX2 | HA session synchronization (also called HA CPU session synchronization) or session pickup. The AUX1 and AUX2 interfaces are available only on the FortiGate 4200F/4201F and 4400F/4401F. For other FortiGate models, you can use any available interface or LAG for HA CPU session synchronization. For example, you may be able to use the HA interfaces for both HA CPU heartbeat and HA CPU session synchronization. If you need to separate HA CPU heartbeat and HA CPU session synchronization, you can use a data interface or a data interface LAG for HA CPU session synchronization. |
| Data interface | FGCP HA hardware session synchronization. |
| Data interface or data interface LAG | Hardware logging, CPU logging, and logging to a FortiAnalyzer. Depending on bandwidth use, you can use the same data interface or data interface LAG for all of these features. |
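
The following is an added example, not Fortinet's own tooling: a small Python check that compares an exported `config system ha` block against the HA rows of the table above. It assumes the FortiOS option names `hbdev`, `session-sync-dev` and `hw-session-sync-dev` (not shown on this page); the sample configuration, the interface names in it and the function names `parse_ha` and `audit` are constructed for illustration.

```python
import re
import shlex

# Constructed sample of a `config system ha` block (not taken from the page).
SAMPLE = '''
config system ha
    set group-name "hs-cluster"
    set mode a-p
    set hbdev "ha1" 50 "ha2" 50
    set session-pickup enable
    set session-sync-dev "aux1" "aux2"
    set hw-session-sync-dev "mgmt2"
end
'''

# Dedicated (non-data) ports named in the table: MGMTn, HAn, AUXn.
DEDICATED = re.compile(r"^(mgmt|ha|aux)\d+$", re.I)

def parse_ha(text):
    """Return {option: [values]} for the `set` lines of the block."""
    opts = {}
    for line in text.splitlines():
        parts = shlex.split(line)  # strips the quotes around interface names
        if len(parts) >= 3 and parts[0] == "set":
            opts[parts[1]] = parts[2:]
    return opts

def audit(text, has_aux=True):
    """List deviations from the table.

    has_aux is True for FortiGate 4200F/4201F and 4400F/4401F, the only
    models the table lists as having AUX1 and AUX2.
    """
    opts = parse_ha(text)
    findings = []
    # hbdev alternates interface names and numeric priorities; keep the names.
    hb = [v.lower() for v in opts.get("hbdev", []) if not v.isdigit()]
    sync = [v.lower() for v in opts.get("session-sync-dev", [])]
    hw = [v.lower() for v in opts.get("hw-session-sync-dev", [])]
    if not hb or any(not i.startswith("ha") for i in hb):
        findings.append("hbdev: heartbeat not on HA1/HA2")
    if has_aux and any(not i.startswith("aux") for i in sync):
        findings.append("session-sync-dev: AUX1/AUX2 available but not used")
    if not hw:
        findings.append("hw-session-sync-dev: not set")
    elif any(DEDICATED.match(i) for i in hw):
        findings.append("hw-session-sync-dev: not a data interface")
    return findings
```

On models without AUX interfaces, call `audit(text, has_aux=False)` so that session synchronization over the HA interfaces or a data interface is not reported.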