Fortinet black logo

Administration Guide

Requirements before Configuring a HA-Cluster

Copy Link
Copy Doc ID 919d33aa-22ba-11eb-96b9-00505692583a:522775
Download PDF

Requirements before Configuring a HA-Cluster

  • The scan environment on all cluster nodes should be the same.

    For example, the same set of Windows VM should be installed on all nodes so the same scan profile can be used.

  • HA-Cluster requires all nodes to have port1 to be accessible. Nodes use that port to communicate with each other.

    Port1 is the admin port by default. Other available ports can also be used as the admin port.

  • Port3 on all nodes should be connected to the Internet separately.
  • All nodes should be on the same firmware build.
  • Each node should have a dedicated network port for internal cluster communication.

    Internal cluster communication is encrypted and includes:

    • Job dispatch
    • Job result reply
    • Setting synchronization
    • Cluster topology broadcasting

    We recommend that these ports be connected to the same switch and have IP addresses in the same subnet. If the job load is heavy, we recommend using the 10G fiber port as the internal communication port.

    Note

    Port1 and any other administrative port set through the CLI command set admin-port are not recommended to be used as the internal communication port.

Requirements before Configuring a HA-Cluster

  • The scan environment on all cluster nodes should be the same.

    For example, the same set of Windows VM should be installed on all nodes so the same scan profile can be used.

  • HA-Cluster requires all nodes to have port1 to be accessible. Nodes use that port to communicate with each other.

    Port1 is the admin port by default. Other available ports can also be used as the admin port.

  • Port3 on all nodes should be connected to the Internet separately.
  • All nodes should be on the same firmware build.
  • Each node should have a dedicated network port for internal cluster communication.

    Internal cluster communication is encrypted and includes:

    • Job dispatch
    • Job result reply
    • Setting synchronization
    • Cluster topology broadcasting

    We recommend that these ports be connected to the same switch and have IP addresses in the same subnet. If the job load is heavy, we recommend using the 10G fiber port as the internal communication port.

    Note

    Port1 and any other administrative port set through the CLI command set admin-port are not recommended to be used as the internal communication port.