Virtual clustering
A virtual cluster consists of two FortiGate 7000Es operating in active-passive HA mode with Multi VDOM mode enabled. Virtual clustering is an extension of FGCP HA that uses VDOM partitioning to send traffic for some VDOMs to the primary FortiGate 7000E and traffic for other VDOMs to the secondary FortiGate 7000E. Distributing traffic between the FortiGate 7000Es in a virtual cluster is similar to load balancing and can potentially improve overall throughput. You can adjust VDOM partitioning at any time to optimize traffic distribution without interrupting traffic flow.
VDOM partitioning distributes VDOMs between two virtual clusters (virtual cluster 1 and virtual cluster 2). When configuring virtual clustering you would normally set the device priority of virtual cluster 1 higher for the primary FortiGate 7000E and the device priority of virtual cluster 2 higher for the secondary FortiGate 7000E. With this configuration, all traffic in the VDOMs in virtual cluster 1 is processed by the primary FortiGate 7000E and all traffic in the VDOMs in virtual cluster 2 is processed by the secondary FortiGate 7000E. The FGCP selects the primary and secondary FortiGate 7000E whenever the cluster negotiates. The primary FortiGate 7000E can dynamically change based on FGCP HA primary unit selection criteria.
If a failure occurs and only one FortiGate 7000E continues to operate, all traffic fails over to that FortiGate 7000E, similar to normal FGCP HA. When the failed FortiGate 7000Erejoins the cluster, the configured traffic distribution is restored.
For more information about virtual clustering see HA virtual cluster setup.
If you don't want active-passive virtual clustering to distribute traffic between FortiGate 7000Es, you can configure VDOM partitioning to send traffic for all VDOMs to the primary FortiGate 7000E. The result is the same as standard active-passive FCGP HA, all traffic is processed by the primary FortiGate 7000E. |
Virtual clustering creates a cluster between instances of each VDOM on the two FortiGate 7000Es in the virtual cluster. All traffic to and from a given VDOM is sent to one of the FortiGate 7000Es where it stays within its VDOM and is only processed by that VDOM. One FortiGate 7000E is the primary FortiGate 7000E for each VDOM and one FortiGate 7000E is the secondary FortiGate 7000E for each VDOM. The primary FortiGate 7000E processes all traffic for its VDOMs. The secondary FortiGate 7000E processes all traffic for its VDOMs.
HA heartbeat and session synchronization provides the same HA services in a virtual clustering configuration as in a standard HA configuration. One set of HA heartbeat interfaces provides HA heartbeat and session synchronization services for all of the VDOMs in the cluster. You do not have to add a heartbeat interface for each VDOM.