
Administration Guide

Scalable cluster

Caution

All existing data from the secondary instances is deleted when they are added to the cluster.

A cluster consists of a primary unit and two or more standby secondary units. A minimum of three units is required to set up a cluster. If the primary unit becomes unavailable, one of the standby secondaries will become the new primary.

In a FortiPortal cluster, the license limit is the combined license limit of all the FortiPortal instances in a cluster.

Scalable clusters have the following benefits:

  • All the instances are active in a cluster and can serve requests in parallel.

  • Data can be synchronized across all cluster members in real time. When options are updated in a primary unit, the changes are applied to all the secondary units in the cluster.

  • The cluster can be scaled horizontally by adding new FortiPortal instances.

  • The built-in load balancer is available to distribute loads across all instances in a cluster.

The following roles are available:

  • Primary: The FortiPortal is the primary in a high-availability cluster.

  • Secondary: The FortiPortal is a secondary in a high-availability cluster.

  • Standalone: The FortiPortal is independent of a high-availability cluster. This is the default setting. Use it if you intend to keep the FortiPortal instance independent of a cluster.

The nodes of a scalable cluster can be removed from the cluster and reset to standalone mode. See Deleting and resetting cluster nodes.

Caution

When a FortiPortal VM is switched off, the license information will expire after 90 minutes. You will need to wait for 90 minutes before provisioning a new VM.

To set up a FortiPortal cluster:
  1. Prepare your system for the cluster.

    1. If the Certificate Information and Upload License related options in System > Settings need to be updated, they should be updated in the primary unit before setting up the cluster.

    2. If the firmware, restore, and backup options in the Dashboard need to be updated, they should be updated in the primary unit before setting up a cluster.

    Caution

    Make sure all cluster nodes have the same system configuration (number of CPUs, size of memory, etc.), otherwise the cluster may fail to form.

    Caution

    The following ports must be open between the FortiPortal instances:

    • 2379

    • 2380

    • 6443

    • 7472

    • 7946

    • 10250

  2. Set up the primary instance.

    1. Log in to the primary FortiPortal instance.
    2. Go to System > Settings > Scalable Cluster.
    3. In the Operational Mode field, select Primary.
    4. In the Cluster Password field, set a password for the cluster. This password cannot be retrieved or changed once it is set.
    5. Click Create Cluster.
  3. Set up two or more secondary units.

    1. Log in to another FortiPortal instance.
    2. Go to System > Settings > Scalable Cluster.
    3. In the Operational Mode field, select Secondary.
    4. In the Cluster Password field, enter the cluster password you set on the primary instance.
    5. In the Primary FPC IP field, enter the IP address of the primary instance.
    6. In the Serial Number field, enter the serial number of the primary instance.
    7. Click Join.
    8. Repeat step 3 to add additional secondary instances to the cluster.
  4. Configure the load balancer (optional).

    1. Log in to one of the FortiPortal instances in the cluster.

    2. Go to System > Settings > Scalable Cluster.

    3. In the Load Balancer IP Range field, enter an IP address in the same subnet as the cluster instances. This IP should be one that is not assigned to any devices.

    4. Click Update.

      The load balancer IP configuration is automatically applied across all instances of the cluster.

      After upgrading a FortiPortal instance, you must set the load balancer IP address again.
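
A planning check for the setup steps above, added here as an example; it is not part of the Fortinet guide or FortiPortal itself. It validates the node count and load balancer IP and lists which inter-instance flows are absent from a firewall allow-list. The function names, the sample addresses, and the `(source, destination, port)` allow-list format are assumptions.

```python
import ipaddress
import itertools

# Ports the page lists as required between FortiPortal instances.
# The page does not state TCP or UDP, so flows here are protocol-agnostic.
CLUSTER_PORTS = (2379, 2380, 6443, 7472, 7946, 10250)


def preflight(node_ips, subnet, lb_ip=None, assigned_ips=()):
    """Return a list of problems in a planned cluster layout (empty if none)."""
    problems = []
    net = ipaddress.ip_network(subnet)
    nodes = [ipaddress.ip_address(ip) for ip in node_ips]
    if len(nodes) < 3:
        problems.append("cluster needs a primary and at least two secondaries")
    if len(set(nodes)) != len(nodes):
        problems.append("duplicate node address")
    for node in nodes:
        if node not in net:  # assumption: all instances share one subnet
            problems.append(f"node {node} is outside {net}")
    if lb_ip is not None:
        lb = ipaddress.ip_address(lb_ip)
        if lb not in net:
            problems.append(f"load balancer IP {lb} is outside {net}")
        if lb in set(nodes) | {ipaddress.ip_address(a) for a in assigned_ips}:
            problems.append(f"load balancer IP {lb} is already assigned")
    return problems


def required_flows(node_ips):
    """Every directed (source, destination, port) flow the cluster needs."""
    pairs = itertools.permutations(node_ips, 2)
    return [(src, dst, port) for src, dst in pairs for port in CLUSTER_PORTS]


def missing_flows(node_ips, allowed):
    """Required flows absent from an exported allow-list of (src, dst, port)."""
    allowed = set(allowed)
    return [flow for flow in required_flows(node_ips) if flow not in allowed]


if __name__ == "__main__":
    # Constructed sample addresses and allow-list, not from the page.
    nodes = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]
    print(preflight(nodes, "10.0.0.0/24", lb_ip="10.0.0.12"))
    rules = [f for f in required_flows(nodes) if f[2] != 7946]
    for src, dst, port in missing_flows(nodes, rules):
        print(f"blocked: {src} -> {dst} port {port}")
```

The same flow list doubles as the least-privilege rule set: these ports need to be open only between the instances themselves.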

Deleting and resetting cluster nodes

Scalable cluster nodes can be deleted from the cluster and reset to standalone mode.

Caution

You can only delete or reset nodes from a three-node cluster.

Two-node clusters cannot be modified.

Deleting a node

Deleting a node from a cluster keeps the cluster intact but with the deleted node offline.

The deleted node is not reset to standalone mode. After deleting the node, you can add a new node to the cluster or add the deleted node back to the cluster after it is reset.

After you delete a node from the cluster, the node is no longer accessible through the GUI, and must be reset to standalone mode before GUI access is enabled. See Resetting a node.

To delete a node from a cluster in the GUI:

In System > Settings > Scalable Cluster, click Delete on the node to be removed.

Resetting a node

Resetting returns all data on the FortiPortal device to the original defaults, with the exception of configured ports and routes. It will not retain any other settings from the cluster.

If you reset a primary node, the cluster is immediately unusable.

If you reset one secondary node, the cluster is still functional but the reset node becomes standalone. It cannot rejoin the cluster.

To reset a node to standalone mode:

In the CLI on the node to be reset, run the following command:

execute reset

This fully resets the node to default settings, except for any configured interfaces and routes.
