Fortinet black logo

Administration Guide

Requirements before Configuring a HA Cluster

Copy Link
Copy Doc ID af12b5b0-1c45-11ea-9384-00505692583a:522775
Download PDF

Requirements before Configuring a HA Cluster

  1. The scan environment on all cluster nodes should be the same.

    For example, the same set of Windows VM should be installed on all nodes so the same scan profile can be used.

  2. Port3 on all nodes should be connected to the Internet separately.
  3. All nodes should be on the same firmware build.
  4. Each node should have a dedicated network port for internal cluster communication.

    Internal cluster communication is encrypted and includes:

    • Job dispatch
    • Job result reply
    • Setting synchronization
    • Cluster topology broadcasting

    It's recommended that these ports are connected to the same switch and have IP addresses in the same subnet. If the job load is heavy, the 10G fiber port is recommended to be used as the internal communication port.

    Note

    Port1 and any other administrative port set through the CLI command set admin-port are not recommended to be used as the internal communication port.

Requirements before Configuring a HA Cluster

  1. The scan environment on all cluster nodes should be the same.

    For example, the same set of Windows VM should be installed on all nodes so the same scan profile can be used.

  2. Port3 on all nodes should be connected to the Internet separately.
  3. All nodes should be on the same firmware build.
  4. Each node should have a dedicated network port for internal cluster communication.

    Internal cluster communication is encrypted and includes:

    • Job dispatch
    • Job result reply
    • Setting synchronization
    • Cluster topology broadcasting

    It's recommended that these ports are connected to the same switch and have IP addresses in the same subnet. If the job load is heavy, the 10G fiber port is recommended to be used as the internal communication port.

    Note

    Port1 and any other administrative port set through the CLI command set admin-port are not recommended to be used as the internal communication port.