
Hyperscale Firewall Guide

Recommended interface use for an FGCP HA hyperscale firewall cluster

When setting up an FGCP HA cluster of two FortiGates operating as hyperscale firewalls, you need to select interfaces to use for some or all of the following features:

  • Management.

  • HA heartbeat (also called HA CPU heartbeat).

  • HA session synchronization (also called HA CPU session synchronization).

  • HA hardware session synchronization.

  • Hardware logging.

  • CPU logging.

  • Logging to FortiAnalyzer.

The following table contains Fortinet's recommendations for the FortiGate interfaces to use to support these features.

| Interfaces | Recommended for |
| --- | --- |
| MGMT1 and MGMT2 | Normal management communication with the FortiGates in the cluster. |
| HA1 and HA2 | HA heartbeat (also called HA CPU heartbeat) between the FortiGates in the cluster. |
| AUX1 and AUX2 | HA session synchronization (also called HA CPU session synchronization) or session pickup. The AUX1 and AUX2 interfaces are available only on the FortiGate 4200F/4201F and 4400F/4401F. For other FortiGate models, you can use any available interface or LAG for HA CPU session synchronization. For example, you may be able to use the HA interfaces for both HA CPU heartbeat and HA CPU session synchronization. If you need to separate HA CPU heartbeat and HA CPU session synchronization, you can use a data interface or a data interface LAG for HA CPU session synchronization. |
| Data interface | FGCP HA hardware session synchronization. |
| Data interface or data interface LAG | Hardware logging, CPU logging, and logging to a FortiAnalyzer. Depending on bandwidth use, you can use the same data interface or data interface LAG for all of these features. |
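The HA rows of the table, written as FortiOS CLI for a FortiGate 4200F/4201F or 4400F/4401F. This is an added example, not configuration taken from the Fortinet guide. The group name, the heartbeat priorities, and port21 as the data interface are placeholders chosen for illustration.

```text
config system ha
    # Placeholder cluster name; use your own.
    set group-name "example-hyperscale-cluster"
    set mode a-p

    # HA1 and HA2: HA heartbeat (HA CPU heartbeat).
    # 50 is a placeholder heartbeat priority for each interface.
    set hbdev "ha1" 50 "ha2" 50

    # AUX1 and AUX2: HA CPU session synchronization (session pickup).
    # On models without AUX interfaces, list another interface or LAG here.
    set session-pickup enable
    set session-sync-dev "aux1" "aux2"

    # Data interface: FGCP HA hardware session synchronization.
    # port21 is a placeholder for a data interface reserved for this purpose.
    set hw-session-sync-dev "port21"
end
```

Keeping heartbeat, CPU session synchronization and hardware session synchronization on separate links means a saturated synchronization link cannot delay heartbeat packets and cause a spurious failover.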
