Fortinet white logo
Fortinet white logo

FortiGate-7000F Administration Guide

Using M3 interfaces for HA heartbeat and M1 interfaces for session synchronization

Using M3 interfaces for HA heartbeat and M1 interfaces for session synchronization

This example shows how to set up the following HA heartbeat and session synchronization connections between two FortiGate 7121F chassis:

  • Redundant HA heartbeat communication over the 1-M3 and 2-M3 interfaces of each chassis. The HA heartbeat interfaces are connected together with a FortiSwitch.

  • Redundant session synchronization over the 1-M1 and 2-M1 interfaces of each chassis. The session synchronization interfaces are connected together with a FortiSwitch.

This example uses a single FortiSwitch. You can use any compatible switch configuration. For example, you could improve redundancy by using separate switches for each HA heartbeat and session synchronization. You could also separate switches for each HA heartbeat and each session synchronization channel.

FortiGate 7121F HA configuration

Chassis 1 would have the following HA configuration:

config system ha

set group-id <id>

set group-name <name>

set mode a-p

set hbdev 1-M3 100 2-M3 100

set chassis-id 1

set hbdev-vlan-id 4092

set hbdev-second-vlan-id 4091

set session-sync-dev 1-M1 2-M1

set session-pickup enable

set session-pickup-connectionless enable

set session-pickup-expectation enable

set password <password>

end

Chassis 2 would have the following HA configuration:

config system ha

set group-id <id>

set group-name <name>

set mode a-p

set hbdev 1-M3 100 2-M3 100

set chassis-id 2

set hbdev-vlan-id 4092

set hbdev-second-vlan-id 4091

set session-sync-dev 1-M1 2-M1

set session-pickup enable

set session-pickup-connectionless enable

set session-pickup-expectation enable

set password <password>

end

HA heartbeat switch configuration

The FortiSwitch has the following configuration for the HA heartbeat interfaces:

Switch interface port23.1 is connected to the 1-M3 interface of chassis 1.

config switch interface

edit port23.1

set native-vlan 295

set allowed-vlans 4092

set auto-discovery-fortilink enable

set snmp-index 23

end

Switch interface port23.3 is connected to the 2-M3 interface of chassis 1.

config switch interface

edit port23.3

set native-vlan 294

set allowed-vlans 4091

set stp-state disabled

set auto-discovery-fortilink enable

set snmp-index 59

end

Switch interface port24.1 is connected to the 1-M3 interface of chassis 2.

config switch interface

edit port24.1

set native-vlan 295

set allowed-vlans 4092

set auto-discovery-fortilink enable

set snmp-index 24

end

Switch interface port24.3 is connected to the 2-M3 interface of chassis 2.

config switch interface

edit port24.3

set native-vlan 294

set allowed-vlans 4091

set stp-state disabled

set auto-discovery-fortilink enable

set snmp-index 48

end

Session synchronization switch configuration

The FortiSwitch has the following configuration for the session synchronization interfaces:

Switch interface port25 is connected to the 1-M1 interface of chassis 1.

config switch interface

edit port25

set native-vlan 297

set snmp-index 25

end

Switch interface port26 is connected to the 1-M1 interface of chassis 2.

config switch interface

edit port26

set native-vlan 297

set snmp-index 26

end

Switch interface port29 is connected to the 2-M1 interface of chassis 1.

config switch interface

edit port29

set native-vlan 298

set snmp-index 29

end

Switch interface port30 is connected to the 2-M1 interface of chassis 2.

config switch interface

edit port30

set native-vlan 298

set snmp-index 30

end

Using M3 interfaces for HA heartbeat and M1 interfaces for session synchronization

Using M3 interfaces for HA heartbeat and M1 interfaces for session synchronization

This example shows how to set up the following HA heartbeat and session synchronization connections between two FortiGate 7121F chassis:

  • Redundant HA heartbeat communication over the 1-M3 and 2-M3 interfaces of each chassis. The HA heartbeat interfaces are connected together with a FortiSwitch.

  • Redundant session synchronization over the 1-M1 and 2-M1 interfaces of each chassis. The session synchronization interfaces are connected together with a FortiSwitch.

This example uses a single FortiSwitch. You can use any compatible switch configuration. For example, you could improve redundancy by using separate switches for each HA heartbeat and session synchronization. You could also separate switches for each HA heartbeat and each session synchronization channel.

FortiGate 7121F HA configuration

Chassis 1 would have the following HA configuration:

config system ha

set group-id <id>

set group-name <name>

set mode a-p

set hbdev 1-M3 100 2-M3 100

set chassis-id 1

set hbdev-vlan-id 4092

set hbdev-second-vlan-id 4091

set session-sync-dev 1-M1 2-M1

set session-pickup enable

set session-pickup-connectionless enable

set session-pickup-expectation enable

set password <password>

end

Chassis 2 would have the following HA configuration:

config system ha

set group-id <id>

set group-name <name>

set mode a-p

set hbdev 1-M3 100 2-M3 100

set chassis-id 2

set hbdev-vlan-id 4092

set hbdev-second-vlan-id 4091

set session-sync-dev 1-M1 2-M1

set session-pickup enable

set session-pickup-connectionless enable

set session-pickup-expectation enable

set password <password>

end

HA heartbeat switch configuration

The FortiSwitch has the following configuration for the HA heartbeat interfaces:

Switch interface port23.1 is connected to the 1-M3 interface of chassis 1.

config switch interface

edit port23.1

set native-vlan 295

set allowed-vlans 4092

set auto-discovery-fortilink enable

set snmp-index 23

end

Switch interface port23.3 is connected to the 2-M3 interface of chassis 1.

config switch interface

edit port23.3

set native-vlan 294

set allowed-vlans 4091

set stp-state disabled

set auto-discovery-fortilink enable

set snmp-index 59

end

Switch interface port24.1 is connected to the 1-M3 interface of chassis 2.

config switch interface

edit port24.1

set native-vlan 295

set allowed-vlans 4092

set auto-discovery-fortilink enable

set snmp-index 24

end

Switch interface port24.3 is connected to the 2-M3 interface of chassis 2.

config switch interface

edit port24.3

set native-vlan 294

set allowed-vlans 4091

set stp-state disabled

set auto-discovery-fortilink enable

set snmp-index 48

end

Session synchronization switch configuration

The FortiSwitch has the following configuration for the session synchronization interfaces:

Switch interface port25 is connected to the 1-M1 interface of chassis 1.

config switch interface

edit port25

set native-vlan 297

set snmp-index 25

end

Switch interface port26 is connected to the 1-M1 interface of chassis 2.

config switch interface

edit port26

set native-vlan 297

set snmp-index 26

end

Switch interface port29 is connected to the 2-M1 interface of chassis 1.

config switch interface

edit port29

set native-vlan 298

set snmp-index 29

end

Switch interface port30 is connected to the 2-M1 interface of chassis 2.

config switch interface

edit port30

set native-vlan 298

set snmp-index 30

end