Fortinet black logo

Administration Guide

Home FortiManager 7.2.1 Administration Guide

FortiManager supports FortiGate auto-scale clusters

7.2.1
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.7
5.2.6
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.9
4.2.8
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.1.0
4.0.3
4.0.2
4.0.1
4.0.0
Copy Link
Copy Doc ID 04f80bb3-e03c-11ec-bb32-fa163e15d75b:868915
Download PDF

FortiManager supports FortiGate auto-scale clusters

FortiManager supports the public cloud functionality to scale-in or scale-out the number of FortiGate-VMs on-demand using auto-scaling. When an auto-scale event is triggered, the public cloud platform will launch a new FortiGate-VM and it will appear automatically on FortiManager as an authorized device in the Device Manager. When a scale-in event occurs, the device will automatically removed from FortiManager.

Example of how FortiManager manages auto-scale clusters

As an example, an administrator creates an auto-scale cluster on the public cloud with two FortiGate-VMs which includes a rule to trigger a scale-out event when the CPU or network utilization exceeds 70% capacity. The scale-out event increases the number of FortiGate-VMs in the cluster to three so that the additional traffic can be managed.

In the event of a scale-out, the newly added FortiGate device syncs with the Primary FortiGate in the cluster and fetches the FortiManager configuration. Once the deployment and sync is complete on the new FortiGate, the device is authorized and added to the existing cluster on the FortiManager.

A separate rule specifies that when the CPU or network utilization is less than 10%, a scale-in event occurs to reduce the number of FortiGate-VMs back to two. When the scale-in event occurs, the third FortiGate device is automatically removed from FortiManager.

These changes are reflected on the FortiManager without any manual intervention required.

Tooltip

The amount of time required for FortiManager to add or remove FortiGate devices to or from the cluster depends upon the time it takes to deploy or terminate the FortiGate-VM on the cloud, and for the FortiGate clusters to resync.
To manage FortiGate auto-scale clusters on FortiManager:
  1. Add the auto-scale cluster to FortiManager:
    • Add the FortiGate auto-scale cluster to FortiManager for the first time using the IP address of the Primary FortiGate. Once the configuration between the cluster members are in sync, the remaining devices are added to the FortiManager automatically.
    • Alternatively, you can configure the FortiManager Fabric Connector on the Primary FortiGate to add the cluster to FortiManager.
    • You can check the Serial Number, Hostname, HA Status and elastic IP of the FortiGate cluster devices in the Device Manager.
    • Administrators can check the HA mode (i.e. auto-scale) along with cluster members, roles, and the elastic IP in the device database.
  2. When a scale-out event occurs where the number of FortiGate devices in the cluster increases, once the newly added FortiGate becomes a part of the cluster and syncs its configuration with the cluster's Primary device, it is added to FortiManager.
    On FortiManager, the device is automatically authorized and added to the existing cluster without manual intervention.
  3. When a scale-in event occurs where the number of FortiGate devices in the cluster decreases, once the FortiGate is removed from the cluster on the cloud and the FGFM expires on the FortiManager, the FortiGate device will be removed from the cluster on FortiManager.
  4. During any scale-in event, if the Primary FortiGate is removed from the cluster on the cloud, then FortiManager will be able to detect the change and will reflect the state of the new Primary and Secondary devices in the Device Manager.
    In the example image below the Primary FortiGate failed and there was an auto-scale event to replace it. The new Primary FortiGate is displayed on FortiManager.
Previous
Next

FortiManager supports FortiGate auto-scale clusters

FortiManager supports the public cloud functionality to scale-in or scale-out the number of FortiGate-VMs on-demand using auto-scaling. When an auto-scale event is triggered, the public cloud platform will launch a new FortiGate-VM and it will appear automatically on FortiManager as an authorized device in the Device Manager. When a scale-in event occurs, the device will automatically removed from FortiManager.

Example of how FortiManager manages auto-scale clusters

As an example, an administrator creates an auto-scale cluster on the public cloud with two FortiGate-VMs which includes a rule to trigger a scale-out event when the CPU or network utilization exceeds 70% capacity. The scale-out event increases the number of FortiGate-VMs in the cluster to three so that the additional traffic can be managed.

In the event of a scale-out, the newly added FortiGate device syncs with the Primary FortiGate in the cluster and fetches the FortiManager configuration. Once the deployment and sync is complete on the new FortiGate, the device is authorized and added to the existing cluster on the FortiManager.

A separate rule specifies that when the CPU or network utilization is less than 10%, a scale-in event occurs to reduce the number of FortiGate-VMs back to two. When the scale-in event occurs, the third FortiGate device is automatically removed from FortiManager.

These changes are reflected on the FortiManager without any manual intervention required.

Tooltip

The amount of time required for FortiManager to add or remove FortiGate devices to or from the cluster depends upon the time it takes to deploy or terminate the FortiGate-VM on the cloud, and for the FortiGate clusters to resync.
To manage FortiGate auto-scale clusters on FortiManager:
  1. Add the auto-scale cluster to FortiManager:
    • Add the FortiGate auto-scale cluster to FortiManager for the first time using the IP address of the Primary FortiGate. Once the configuration between the cluster members are in sync, the remaining devices are added to the FortiManager automatically.
    • Alternatively, you can configure the FortiManager Fabric Connector on the Primary FortiGate to add the cluster to FortiManager.
    • You can check the Serial Number, Hostname, HA Status and elastic IP of the FortiGate cluster devices in the Device Manager.
    • Administrators can check the HA mode (i.e. auto-scale) along with cluster members, roles, and the elastic IP in the device database.
  2. When a scale-out event occurs where the number of FortiGate devices in the cluster increases, once the newly added FortiGate becomes a part of the cluster and syncs its configuration with the cluster's Primary device, it is added to FortiManager.
    On FortiManager, the device is automatically authorized and added to the existing cluster without manual intervention.
  3. When a scale-in event occurs where the number of FortiGate devices in the cluster decreases, once the FortiGate is removed from the cluster on the cloud and the FGFM expires on the FortiManager, the FortiGate device will be removed from the cluster on FortiManager.
  4. During any scale-in event, if the Primary FortiGate is removed from the cluster on the cloud, then FortiManager will be able to detect the change and will reflect the state of the new Primary and Secondary devices in the Device Manager.
    In the example image below the Primary FortiGate failed and there was an auto-scale event to replace it. The new Primary FortiGate is displayed on FortiManager.
Previous
Next