Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiGate-7000F Administration Guide

    Home FortiGate / FortiOS 7.2.8 FortiGate-7000F Administration Guide
    7.2.8
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5

    Using M3 interfaces for HA heartbeat and M1 interfaces for session synchronization

    Using M3 interfaces for HA heartbeat and M1 interfaces for session synchronization

    This example shows how to set up the following HA heartbeat and session synchronization connections between two FortiGate 7121F chassis:

    • Redundant HA heartbeat communication over the 1-M3 and 2-M3 interfaces of each chassis. The HA heartbeat interfaces are connected together with a FortiSwitch.

    • Redundant session synchronization over the 1-M1 and 2-M1 interfaces of each chassis. The session synchronization interfaces are connected together with a FortiSwitch.

    This example uses a single FortiSwitch. You can use any compatible switch configuration. For example, you could improve redundancy by using separate switches for each HA heartbeat and session synchronization. You could also separate switches for each HA heartbeat and each session synchronization channel.

    FortiGate 7121F HA configuration

    Chassis 1 would have the following HA configuration:

    config system ha

    set group-id <id>

    set group-name <name>

    set mode a-p

    set hbdev 1-M3 100 2-M3 100

    set chassis-id 1

    set hbdev-vlan-id 4092

    set hbdev-second-vlan-id 4091

    set session-sync-dev 1-M1 2-M1

    set session-pickup enable

    set session-pickup-connectionless enable

    set session-pickup-expectation enable

    set password <password>

    end

    Chassis 2 would have the following HA configuration:

    config system ha

    set group-id <id>

    set group-name <name>

    set mode a-p

    set hbdev 1-M3 100 2-M3 100

    set chassis-id 2

    set hbdev-vlan-id 4092

    set hbdev-second-vlan-id 4091

    set session-sync-dev 1-M1 2-M1

    set session-pickup enable

    set session-pickup-connectionless enable

    set session-pickup-expectation enable

    set password <password>

    end

    HA heartbeat switch configuration

    The FortiSwitch has the following configuration for the HA heartbeat interfaces:

    Switch interface port23.1 is connected to the 1-M3 interface of chassis 1.

    config switch interface

    edit port23.1

    set native-vlan 295

    set allowed-vlans 4092

    set auto-discovery-fortilink enable

    set snmp-index 23

    end

    Switch interface port23.3 is connected to the 2-M3 interface of chassis 1.

    config switch interface

    edit port23.3

    set native-vlan 294

    set allowed-vlans 4091

    set stp-state disabled

    set auto-discovery-fortilink enable

    set snmp-index 59

    end

    Switch interface port24.1 is connected to the 1-M3 interface of chassis 2.

    config switch interface

    edit port24.1

    set native-vlan 295

    set allowed-vlans 4092

    set auto-discovery-fortilink enable

    set snmp-index 24

    end

    Switch interface port24.3 is connected to the 2-M3 interface of chassis 2.

    config switch interface

    edit port24.3

    set native-vlan 294

    set allowed-vlans 4091

    set stp-state disabled

    set auto-discovery-fortilink enable

    set snmp-index 48

    end

    Session synchronization switch configuration

    The FortiSwitch has the following configuration for the session synchronization interfaces:

    Switch interface port25 is connected to the 1-M1 interface of chassis 1.

    config switch interface

    edit port25

    set native-vlan 297

    set snmp-index 25

    end

    Switch interface port26 is connected to the 1-M1 interface of chassis 2.

    config switch interface

    edit port26

    set native-vlan 297

    set snmp-index 26

    end

    Switch interface port29 is connected to the 2-M1 interface of chassis 1.

    config switch interface

    edit port29

    set native-vlan 298

    set snmp-index 29

    end

    Switch interface port30 is connected to the 2-M1 interface of chassis 2.

    config switch interface

    edit port30

    set native-vlan 298

    set snmp-index 30

    end

    Previous
    Next

    Using M3 interfaces for HA heartbeat and M1 interfaces for session synchronization

    Using M3 interfaces for HA heartbeat and M1 interfaces for session synchronization

    This example shows how to set up the following HA heartbeat and session synchronization connections between two FortiGate 7121F chassis:

    • Redundant HA heartbeat communication over the 1-M3 and 2-M3 interfaces of each chassis. The HA heartbeat interfaces are connected together with a FortiSwitch.

    • Redundant session synchronization over the 1-M1 and 2-M1 interfaces of each chassis. The session synchronization interfaces are connected together with a FortiSwitch.

    This example uses a single FortiSwitch. You can use any compatible switch configuration. For example, you could improve redundancy by using separate switches for each HA heartbeat and session synchronization. You could also separate switches for each HA heartbeat and each session synchronization channel.

    FortiGate 7121F HA configuration

    Chassis 1 would have the following HA configuration:

    config system ha

    set group-id <id>

    set group-name <name>

    set mode a-p

    set hbdev 1-M3 100 2-M3 100

    set chassis-id 1

    set hbdev-vlan-id 4092

    set hbdev-second-vlan-id 4091

    set session-sync-dev 1-M1 2-M1

    set session-pickup enable

    set session-pickup-connectionless enable

    set session-pickup-expectation enable

    set password <password>

    end

    Chassis 2 would have the following HA configuration:

    config system ha

    set group-id <id>

    set group-name <name>

    set mode a-p

    set hbdev 1-M3 100 2-M3 100

    set chassis-id 2

    set hbdev-vlan-id 4092

    set hbdev-second-vlan-id 4091

    set session-sync-dev 1-M1 2-M1

    set session-pickup enable

    set session-pickup-connectionless enable

    set session-pickup-expectation enable

    set password <password>

    end

    HA heartbeat switch configuration

    The FortiSwitch has the following configuration for the HA heartbeat interfaces:

    Switch interface port23.1 is connected to the 1-M3 interface of chassis 1.

    config switch interface

    edit port23.1

    set native-vlan 295

    set allowed-vlans 4092

    set auto-discovery-fortilink enable

    set snmp-index 23

    end

    Switch interface port23.3 is connected to the 2-M3 interface of chassis 1.

    config switch interface

    edit port23.3

    set native-vlan 294

    set allowed-vlans 4091

    set stp-state disabled

    set auto-discovery-fortilink enable

    set snmp-index 59

    end

    Switch interface port24.1 is connected to the 1-M3 interface of chassis 2.

    config switch interface

    edit port24.1

    set native-vlan 295

    set allowed-vlans 4092

    set auto-discovery-fortilink enable

    set snmp-index 24

    end

    Switch interface port24.3 is connected to the 2-M3 interface of chassis 2.

    config switch interface

    edit port24.3

    set native-vlan 294

    set allowed-vlans 4091

    set stp-state disabled

    set auto-discovery-fortilink enable

    set snmp-index 48

    end

    Session synchronization switch configuration

    The FortiSwitch has the following configuration for the session synchronization interfaces:

    Switch interface port25 is connected to the 1-M1 interface of chassis 1.

    config switch interface

    edit port25

    set native-vlan 297

    set snmp-index 25

    end

    Switch interface port26 is connected to the 1-M1 interface of chassis 2.

    config switch interface

    edit port26

    set native-vlan 297

    set snmp-index 26

    end

    Switch interface port29 is connected to the 2-M1 interface of chassis 1.

    config switch interface

    edit port29

    set native-vlan 298

    set snmp-index 29

    end

    Switch interface port30 is connected to the 2-M1 interface of chassis 2.

    config switch interface

    edit port30

    set native-vlan 298

    set snmp-index 30

    end

    Previous
    Next