Fortinet white logo
Fortinet white logo

FortiGate-6000 Administration Guide

Virtual clustering

Virtual clustering

A virtual cluster consists of two FortiGate 6000Fs operating in active-passive HA mode with Multi VDOM mode enabled. Virtual clustering is an extension of FGCP HA that uses VDOM partitioning to send traffic for some VDOMs to the primary FortiGate 6000F and traffic for other VDOMs to the secondary FortiGate 6000F. Distributing traffic between the FortiGate 6000Fs in a virtual cluster is similar to load balancing and can potentially improve overall throughput. You can adjust VDOM partitioning at any time to optimize traffic distribution without interrupting traffic flow.

VDOM partitioning distributes VDOMs between two virtual clusters (virtual cluster 1 and virtual cluster 2). When configuring virtual clustering you would normally set the device priority of virtual cluster 1 higher for the primary FortiGate 6000F and the device priority of virtual cluster 2 higher for the secondary FortiGate 6000F. With this configuration, all traffic in the VDOMs in virtual cluster 1 is processed by the primary FortiGate 6000F and all traffic in the VDOMs in virtual cluster 2 is processed by the secondary FortiGate 6000F. The FGCP selects the primary and secondary FortiGate 6000F whenever the cluster negotiates. The primary FortiGate 6000F can dynamically change based on FGCP HA primary unit selection criteria.

If a failure occurs and only one FortiGate 6000F continues to operate, all traffic fails over to that FortiGate 6000F, similar to normal FGCP HA. When the failed FortiGate 6000F rejoins the cluster, the configured traffic distribution is restored.

For more information about virtual clustering see HA virtual cluster setup.

Note

If you don't want active-passive virtual clustering to distribute traffic between FortiGate 6000Fs, you can configure VDOM partitioning to send traffic for all VDOMs to the primary FortiGate 6000F. The result is the same as standard active-passive FCGP HA, all traffic is processed by the primary FortiGate 6000F.

Virtual clustering creates a cluster between instances of each VDOM on the two FortiGate 6000Fs in the virtual cluster. All traffic to and from a given VDOM is sent to one of the FortiGate 6000Fs where it stays within its VDOM and is only processed by that VDOM. One FortiGate 6000F is the primary FortiGate 6000F for each VDOM and one FortiGate 6000F is the secondary FortiGate 6000F for each VDOM. The primary FortiGate 6000F processes all traffic for its VDOMs. The secondary FortiGate 6000F processes all traffic for its VDOMs.

The HA heartbeat and session synchronization provides the same HA services in a virtual clustering configuration as in a standard HA configuration. One set of HA heartbeat interfaces provides HA heartbeat and session synchronization services for all of the VDOMs in the cluster. You do not have to add a heartbeat interface for each VDOM.

Virtual clustering

Virtual clustering

A virtual cluster consists of two FortiGate 6000Fs operating in active-passive HA mode with Multi VDOM mode enabled. Virtual clustering is an extension of FGCP HA that uses VDOM partitioning to send traffic for some VDOMs to the primary FortiGate 6000F and traffic for other VDOMs to the secondary FortiGate 6000F. Distributing traffic between the FortiGate 6000Fs in a virtual cluster is similar to load balancing and can potentially improve overall throughput. You can adjust VDOM partitioning at any time to optimize traffic distribution without interrupting traffic flow.

VDOM partitioning distributes VDOMs between two virtual clusters (virtual cluster 1 and virtual cluster 2). When configuring virtual clustering you would normally set the device priority of virtual cluster 1 higher for the primary FortiGate 6000F and the device priority of virtual cluster 2 higher for the secondary FortiGate 6000F. With this configuration, all traffic in the VDOMs in virtual cluster 1 is processed by the primary FortiGate 6000F and all traffic in the VDOMs in virtual cluster 2 is processed by the secondary FortiGate 6000F. The FGCP selects the primary and secondary FortiGate 6000F whenever the cluster negotiates. The primary FortiGate 6000F can dynamically change based on FGCP HA primary unit selection criteria.

If a failure occurs and only one FortiGate 6000F continues to operate, all traffic fails over to that FortiGate 6000F, similar to normal FGCP HA. When the failed FortiGate 6000F rejoins the cluster, the configured traffic distribution is restored.

For more information about virtual clustering see HA virtual cluster setup.

Note

If you don't want active-passive virtual clustering to distribute traffic between FortiGate 6000Fs, you can configure VDOM partitioning to send traffic for all VDOMs to the primary FortiGate 6000F. The result is the same as standard active-passive FCGP HA, all traffic is processed by the primary FortiGate 6000F.

Virtual clustering creates a cluster between instances of each VDOM on the two FortiGate 6000Fs in the virtual cluster. All traffic to and from a given VDOM is sent to one of the FortiGate 6000Fs where it stays within its VDOM and is only processed by that VDOM. One FortiGate 6000F is the primary FortiGate 6000F for each VDOM and one FortiGate 6000F is the secondary FortiGate 6000F for each VDOM. The primary FortiGate 6000F processes all traffic for its VDOMs. The secondary FortiGate 6000F processes all traffic for its VDOMs.

The HA heartbeat and session synchronization provides the same HA services in a virtual clustering configuration as in a standard HA configuration. One set of HA heartbeat interfaces provides HA heartbeat and session synchronization services for all of the VDOMs in the cluster. You do not have to add a heartbeat interface for each VDOM.