FortiManager high availability (HA) provides a solution for a key requirement of critical enterprise management and networking components: enhanced reliability. Understanding what’s required for FortiManager reliability begins with understanding what normal FortiManager operations are and how to make sure normal operations continue if a FortiManager unit fails.
Most FortiManager operations involve storing FortiManager and FortiGate configuration and related information in the FortiManager database on the FortiManager unit hard disk. A key way to enhance the reliability of FortiManager is to protect the data in the FortiManager database from being lost if the FortiManager unit fails. This can be achieved by dynamically backing up FortiManager database changes to one or more backup FortiManager units. Then, if the operating FortiManager unit fails, a backup FortiManager unit can take the place of the failed unit.
FortiAnalyzer Features must be disabled on FortiManager before you can form a FortiManager HA cluster. A FortiManager HA cluster can have a maximum of five units: one primary unit with up to four backup or secondary units. All units in the cluster must be of the same FortiManager series. All units are visible on the network.
The primary unit and the secondary units can be in the same location or in different locations. FortiManager HA supports geographic redundancy, so the primary unit and secondary units can be in different locations attached to different networks as long as communication is possible between them (for example, over the Internet, over a WAN, or in a private network).
Administrators connect to the primary unit GUI or CLI to perform FortiManager operations. Managed devices connect with the primary unit for normal management operations (configuration push, auto-update, firmware upgrade, and so on). If FortiManager is used to distribute FortiGuard updates to managed devices, managed devices can connect to the primary FortiManager unit or one of the secondary units.
FortiManager supports manual and automatic (VRRP) failover settings. Automatic failover can be enabled by selecting the VRRP failover mode during HA configuration. See Configuring HA options.
When using manual failover settings, you must manually configure one of the secondary units to become the primary unit when the primary unit fails. The new primary unit keeps its IP address. The FortiManager IP address registered on FortiGate is changed automatically when the new primary unit is selected.
You don't need to reboot the FortiManager device when it is promoted from a backup to the primary unit.
When devices with different licenses are used to create an HA cluster, the license that allows for the smallest number of managed devices is used.