Support up to 30 virtual clusters
In FortiOS 7.2.0, up to 30 virtual clusters are supported, which allows more VDOMs to be spread across different virtual clusters without overlapping. Each virtual cluster supports its own failover conditions. Previously, only two virtual clusters were supported.
When configuring virtual clusters, the group-id is limited to a value from 0 to 7. If the HA group-id is greater than 7, use the command line first to change the group-id before enabling virtual clusters.
config system ha
set group-id <integer>
end
|
When upgrading, old virtual clusters will be lost if the |
Example
In this example, there are 30 customers managed by an MSSP on an HA cluster, and each customer VDOM needs to failover independently of other customer VDOMs. Each customer is assigned to a different virtual cluster with its own virtual cluster configurations. This may include different monitored interfaces, ping servers, and priority for the primary and secondary cluster members. Each virtual cluster will fail over according to their own virtual cluster configurations.
config system ha
set vcluster-status enable
config vcluster
edit <id>
set override {enable | disable}
set priority <integer>
set vdom <vdom_1>, ... <vdom_n>
set monitor <interface_1>, ... <interface_n>
set pingserver-monitor-interface <interface_1>, ... <interface_n>
next
end
end
|
override {enable | disable} |
Enable/disable override and increase the priority of the unit that should always be the primary. |
|
priority <integer> |
Increase the priority to select the primary unit (0 - 255, default = 128). |
|
vdom <vdom_1>, ... <vdom_n> |
Set the virtual domains in the virtual cluster. |
|
monitor <interface_1>, ... <interface_n> |
Set the interfaces to check for port monitoring (or link failure). |
|
pingserver-monitor-interface <interface_1>, ... <interface_n> |
Set the interfaces to check for remote IP monitoring. |
This example assumes an A-P cluster and VDOMs have already been configured. See HA active-passive cluster setup and Virtual domains in the FortiOS Administration Guide for more information.
For each virtual cluster, this example assumes that unit 1 has an HA priority of 200, while unit 2 has an HA priority of 100. By default, unit 1 will be the primary cluster member of all the virtual clusters.
To configure multiple virtual clusters in the GUI:
- Go to System > HA and enable VDOM Partitioning.
- Create a virtual cluster:
- In the table, click Create New. The New Virtual Cluster pane opens.
- Set the Device priority to 200.
- Click the + and add the Virtual domains.
- Optionally, click the + and add the Monitor interfaces.
- Click OK.
- Repeat step 2 to create the remaining virtual clusters.
- Click OK to save the HA configuration. The HA page summary displays the multiple virtual clusters, each with a Primary and Secondary HA member.
- Edit the priority settings for the secondary members to be 100:
- Select the Secondary member in the table, and click Edit.
- Set the Priority to 100.
- Click OK.
- Repeat step 5 for the remaining secondary members.
To configure multiple virtual clusters in the CLI:
- Configure the primary FortiGate:
config system ha set vcluster-status enable config vcluster edit 1 set override disable set priority 200 set vdom "vdom1" next edit 2 set override disable set priority 200 set vdom "vdom2" next ... edit 30 set override disable set priority 200 set vdom "vdom30" next end end - Configure the secondary FortiGate:
config system ha set vcluster-status enable config vcluster edit 1 set override disable set priority 100 set vdom "vdom1" next edit 2 set override disable set priority 100 set vdom "vdom2" next ... edit 30 set override disable set priority 100 set vdom "vdom30" next end end