Administration Guide

Primary and secondary configuration

Configure the High Availability appliances through the High Availability tab on the Administration view.

Note

It is recommended that you use a Shared IP address in your High Availability configuration whenever possible. This prevents the Administrator from having to use separate IP Addresses to manage the servers that are in control and alleviates communication issues with the Persistent Agent.

Note

If your Primary and Secondary servers are on different subnets, a Shared IP address cannot be used. Make sure that communication between the subnets is configured in advance.

To access the High Availability configuration view on FortiNAC Server or Control Server appliances, click System > Settings > System Management > High Availability.

To access the High Availability tab on FortiNAC Control Manager appliances:

  1. Log into FortiNAC Control Manager.
  2. Select the Management View tab.
  3. Click the Administration button.
  4. Click the High Availability tab.
  5. Additional information is available in the FortiNAC Control Manager documentation.

Note

When you click Apply on the Administration High Availability Tab, the primary server tries to communicate with the secondary to ensure that the database will be replicated. If the primary server cannot communicate with the secondary, it continues to try until communication is established.

High availability

The information you enter into the view is written to files on all of the appliances involved and is used to configure the SSH keys for all the specified appliances and to configure MySQL for replication. All appliances in the configuration are restarted and placed into High Availability mode when you click Apply and acknowledge the success message.

Note

Use the High Availability tab for all changes to the configuration. If you manually edit the files on the appliance, values in the files will not be reflected on the High Availability tab.

Settings

Field

Description

Shared IP configuration

Use Shared IP Address

Enables the use of a shared IP address in the High Availability configuration. If enabled, the administrator can manage whichever appliance is in control using the shared IP address instead of the actual host IP address.

If your primary and secondary servers are not in the same subnet, do not use a shared IP address.

Shared IP Address

The shared IP address for the High Availability configuration. Added to the /etc/hosts file when the configuration is saved.

Shared Subnet Mask (bits)

The shared subnet mask in bits. For example, 255.255.255.0 = 24 bits. If you are using a Shared IP Address, this field is required.

Shared Host Name

Part of the entry in the /etc/hosts file for the shared IP address. Admin users can access the UI using either the Shared IP address or the shared host name.

Server configuration

Primary Appliance

  • IP Address—IP address assigned to eth0 for the primary.
  • Gateway IP Address—IP address pinged by the appliances to determine if network connectivity is still available.
  • CLI/SSH root Password [User:root]—root password on the appliance itself. Allows settings to be written to the appliance.
  • Retype root CLI/SSH Password [User:root]—retype the password entered in the CLI/SSH root Password field for confirmation.

Secondary Appliance

  • IP Address—IP address assigned to eth0 for the secondary.
  • Host Name—Name assigned to the secondary.
  • Gateway IP Address—IP address pinged by the appliances to determine if network connectivity is still available.
  • CLI/SSH root Password [User:root]—root password on the appliance itself. Allows settings to be written to the appliance.
  • Retype root CLI/SSH Password [User:root]—retype the password entered in the CLI/SSH root Password field for confirmation.
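
A pre-flight check for the shared IP fields above, written as an added example (it is not Fortinet code and does not touch the appliance). It converts a dotted mask to the bit count the Shared Subnet Mask field expects and reports whether the primary, secondary and shared addresses satisfy the same-subnet rule; the function names and the sample addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
import ipaddress


def mask_to_bits(mask):
    """Accept 24, '24' or '255.255.255.0' and return the prefix length in bits."""
    text = str(mask).strip()
    if text.isdigit():
        bits = int(text)
        if not 0 <= bits <= 32:
            raise ValueError(f"prefix length out of range: {bits}")
        return bits
    # ip_network raises ValueError for non-contiguous masks such as 255.0.255.0
    return ipaddress.ip_network(f"0.0.0.0/{text}").prefixlen


def check_shared_ip(primary, secondary, shared, mask):
    """Return a list of problems; an empty list means a shared IP can be used."""
    bits = mask_to_bits(mask)
    net = ipaddress.ip_interface(f"{shared}/{bits}").network
    p, s, v = (ipaddress.ip_address(a) for a in (primary, secondary, shared))
    problems = []
    # Both eth0 addresses must sit in the shared IP's subnet
    if p not in net or s not in net:
        problems.append(
            f"primary and secondary are not both in {net}; do not use a shared IP")
    # The shared address must be distinct from either appliance address
    if v in (p, s):
        problems.append("shared IP duplicates an appliance eth0 address")
    # Network and broadcast addresses are not usable host addresses
    if bits < 31 and v in (net.network_address, net.broadcast_address):
        problems.append(f"shared IP is the network or broadcast address of {net}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment
    print(mask_to_bits("255.255.255.0"))
    print(check_shared_ip("192.0.2.10", "192.0.2.11", "192.0.2.12", 24))
    print(check_shared_ip("192.0.2.10", "198.51.100.11", "192.0.2.12", "255.255.255.0"))
```
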
