Preparing the FortiGates
- If required, upgrade the firmware running on the FortiGates. All FortiGates must be running the same version of FortiOS.
- If this is a new FortiGate that has never been used, you can skip this step.
Reset the backup FortiGate to factory default settings using the following CLI command:
execute factoryreset
- In some cases, after resetting to factory defaults, you might want to make some initial configuration changes to connect the FortiGates to the network. In this example, the LAN switch on the FortiGate-51Es was converted to separate lan1 to lan5 interfaces.
- On the primary FortiGate, go to System > Settings and change the Host name to identify this as the primary FortiGate in the HA cluster.
- On the backup FortiGate, go to System > Settings and change the Host name to identify this as the backup FortiGate.
You can also use the CLI to change the host name. From the Primary FortiGate:
config system global
set hostname Primary
end
From the Backup-1 FortiGate:
config system global
set hostname Backup
end
- Register and apply licenses to the primary FortiGate before configuring it for HA operation. This includes licensing for FortiCare Support, IPS, AntiVirus, Web Filtering, Mobile Malware, FortiClient, FortiCloud, and additional virtual domains (VDOMs).
All FortiGates in the cluster must have the same level of licensing for FortiGuard, FortiCloud, FortiClient, and VDOMs. You can add FortiToken licenses at any time because they're synchronized with all cluster members.
If the FortiGates in the cluster will run FortiOS Carrier, apply the FortiOS Carrier license before you apply other licenses and before you configure the cluster. When you apply the FortiOS Carrier license, the FortiGate resets its configuration to factory defaults, requiring you to repeat steps performed before applying the license.