Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

GUI configuration steps

Use the following procedures to configure the FortiManager units for HA operation from the FortiManager unit GUI. It assumes you are starting with three FortiManager units with factory default configurations. The primary unit and the first backup unit are connected to the same network. The second backup unit is connected to a remote network and communicates with the primary unit over the Internet. Sample configuration settings are also shown.

To configure the primary unit for HA operation:
  1. Connect to the primary unit GUI.
  2. Go to System Settings > HA.
  3. Configure HA settings.

    Example HA master configuration:

    Operation Mode

    Master

    Peer IP

    172.20.120.23

    Peer SN

    <serial_number>

    Peer IP

    192.268.34.23

    Peer SN

    <serial_number>

    Cluster ID

    15

    Group Password

    password

    File Quota

    4096

    Heartbeat Interval

    5 (Keep the default setting.)

    Failover Threshold

    3 (Keep the default setting.)

  4. Click Apply.
To configure the backup unit on the same network for HA operation:
  1. Connect to the backup unit GUI.
  2. Go to System Settings > HA.
  3. Configure HA settings.

    Example local backup configuration:

    Operation Mode

    Slave

    Priority

    5 (Keep the default setting.)

    Peer IP

    172.20.120.45

    Peer SN

    <serial_number>

    Cluster ID

    15

    Group Password

    password

    File Quota

    4096

    Heartbeat Interval

    5 (Keep the default setting.)

    Failover Threshold

    3 (Keep the default setting.)

  4. Click Apply.
To configure a remote backup unit for HA operation:
  1. Connect to the backup unit GUI.
  2. Go to System Settings > HA.
  3. Configure HA settings.

    Example remote backup configuration:

    Operation Mode

    Slave

    Priority

    5 (Keep the default setting.)

    Peer IP

    192.168.20.23

    Peer SN

    <serial_number>

    Cluster ID

    15

    Group Password

    password

    File Quota

    4096

    Heartbeat Interval

    5 (Keep the default setting.)

    Failover Threshold

    3 (Keep the default setting.)

  4. Click Apply.
To change the network configuration so that the remote backup unit and the primary unit can communicate with each other:

Configure the appropriate firewalls or routers to allow HA heartbeat and synchronization traffic to pass between the primary unit and the remote backup unit using the peer IPs added to the primary unit and remote backup unit configurations.

HA traffic uses TCP port 5199.

To connect the cluster to the networks:
  1. Connect the cluster units.

    No special network configuration is required for the cluster.

  2. Power on the cluster units.

    The units start and use HA heartbeat packets to find each other, establish the cluster, and synchronize their configurations.

To add basic configuration settings to the cluster:

Configure the cluster to connect to your network as required.

GUI configuration steps

Use the following procedures to configure the FortiManager units for HA operation from the FortiManager unit GUI. It assumes you are starting with three FortiManager units with factory default configurations. The primary unit and the first backup unit are connected to the same network. The second backup unit is connected to a remote network and communicates with the primary unit over the Internet. Sample configuration settings are also shown.

To configure the primary unit for HA operation:
  1. Connect to the primary unit GUI.
  2. Go to System Settings > HA.
  3. Configure HA settings.

    Example HA master configuration:

    Operation Mode

    Master

    Peer IP

    172.20.120.23

    Peer SN

    <serial_number>

    Peer IP

    192.268.34.23

    Peer SN

    <serial_number>

    Cluster ID

    15

    Group Password

    password

    File Quota

    4096

    Heartbeat Interval

    5 (Keep the default setting.)

    Failover Threshold

    3 (Keep the default setting.)

  4. Click Apply.
To configure the backup unit on the same network for HA operation:
  1. Connect to the backup unit GUI.
  2. Go to System Settings > HA.
  3. Configure HA settings.

    Example local backup configuration:

    Operation Mode

    Slave

    Priority

    5 (Keep the default setting.)

    Peer IP

    172.20.120.45

    Peer SN

    <serial_number>

    Cluster ID

    15

    Group Password

    password

    File Quota

    4096

    Heartbeat Interval

    5 (Keep the default setting.)

    Failover Threshold

    3 (Keep the default setting.)

  4. Click Apply.
To configure a remote backup unit for HA operation:
  1. Connect to the backup unit GUI.
  2. Go to System Settings > HA.
  3. Configure HA settings.

    Example remote backup configuration:

    Operation Mode

    Slave

    Priority

    5 (Keep the default setting.)

    Peer IP

    192.168.20.23

    Peer SN

    <serial_number>

    Cluster ID

    15

    Group Password

    password

    File Quota

    4096

    Heartbeat Interval

    5 (Keep the default setting.)

    Failover Threshold

    3 (Keep the default setting.)

  4. Click Apply.
To change the network configuration so that the remote backup unit and the primary unit can communicate with each other:

Configure the appropriate firewalls or routers to allow HA heartbeat and synchronization traffic to pass between the primary unit and the remote backup unit using the peer IPs added to the primary unit and remote backup unit configurations.

HA traffic uses TCP port 5199.

To connect the cluster to the networks:
  1. Connect the cluster units.

    No special network configuration is required for the cluster.

  2. Power on the cluster units.

    The units start and use HA heartbeat packets to find each other, establish the cluster, and synchronize their configurations.

To add basic configuration settings to the cluster:

Configure the cluster to connect to your network as required.