Fortinet 60c manual Group ID MAC Address

Page 48

Configuring FortiGate units for HA operation

 

High availability installation

 

 

 

 

 

Table 10: High availability settings

 

 

 

 

 

 

Active-Active

Load balancing and failover HA. Each FortiGate unit in the

 

 

 

HA cluster actively processes connections and monitors the

 

 

 

status of the other FortiGate units in the cluster. The

 

 

 

primary FortiGate unit in the cluster controls load balancing.

 

Mode

 

 

 

Active-Passive

Failover HA. The primary FortiGate unit in the cluster

 

 

 

processes all connections. All other FortiGate units in the

 

 

 

cluster are passively monitor the cluster status and remain

 

 

 

synchronized with the primary FortiGate unit.

 

 

 

 

 

 

All members of

the HA cluster must be set to the same HA mode.

 

 

 

 

 

The group ID range is from 0 to 63. All members of the HA cluster must have

 

 

the same group ID.

 

 

When the FortiGate units in the cluster are switched to HA mode, all of the

 

 

interfaces of all of the units in the cluster get the same virtual MAC address.

 

 

This virtual MAC address is set according to the group ID.

 

 

 

 

 

 

Group ID

MAC Address

 

 

 

 

 

 

0

00-09-0f-06-ff-00

 

 

 

 

 

Group ID

1

00-09-0f-06-ff-01

 

 

 

 

2

00-09-0f-06-ff-02

 

 

 

 

 

 

 

 

3

00-09-0f-06-ff-03

 

 

 

 

 

 

 

 

 

 

 

 

 

63

00-09-0f-06-ff-3f

 

 

 

 

 

 

If you have more

than one HA cluster on the same network, each cluster

 

 

should have a different group ID. If two clusters on the same network have

 

 

same group ID, the duplicate MAC addresses cause addressing conflicts on

 

 

the network.

 

 

 

 

 

 

The unit with the highest priority becomes the primary unit in the cluster. The

 

 

unit priority range is 0 to 255. The default unit priority is 128.

 

Unit priority

Set the unit priority to a higher value if you want the FortiGate unit to be the

 

primary cluster unit. Set the unit priority to a lower value if you want the

 

 

FortiGate unit to be a subordinate unit in the cluster. If all units have the

 

 

same priority, the FortiGate unit with the highest serial number becomes the

 

 

primary cluster unit.

 

 

 

 

Override

You can configure a FortiGate unit to always become the primary unit in the

 

Master

cluster by giving it a high priority and by selecting Override master.

 

 

 

 

48

01-28008-0018-20050128

Fortinet Inc.

Page 47 Page 49
Image 48
Page 47 Page 49
Contents Installation Guide January 01-28008-0018-20050128Trademarks Regulatory ComplianceTable of Contents Index Secure installation, configuration, and management IntroductionCommand line interface Web-based managerSetup wizard Document conventionsFortiGate Installation Guide FortiGate documentationRelated documentation Fortinet Knowledge CenterComments on Fortinet technical documentation FortiManager documentationCustomer service and technical support FortiMail documentationFortiLog documentation Customer service and technical support Customer service and technical support Getting started Package contents MountingTurning the FortiGate unit power on and off Power requirementsEnvironmental specifications To power on the FortiGate unitConnecting to the web-based manager To connect to the web-based managerConnecting to the command line interface CLI To connect to the CLIBits per second 9600 Data bits Parity Stop bits Flow controlQuick installation using factory defaults Go to System Network DNSFactory default FortiGate configuration settings Factory default Dhcp server configurationFactory default NAT/Route mode network configuration Factory default Transparent mode network configuration Factory default firewall configurationAdministrative access Management IPFactory default protection profiles StrictScan Planning the FortiGate configuration NAT/Route modeNAT/Route mode with multiple external network connections Example NAT/Route mode network configurationTransparent mode Example NAT/Route multiple internet connection configurationConfiguration options Web-based manager and setup wizardNext steps NAT/Route mode installation Preparing to configure the FortiGate unit in NAT/Route modeUsing the web-based manager Dhcp or PPPoE configurationPPPoE settings User name Password Configuring basic settings To configure interfaces Go to System Network InterfaceTo configure DNS server settings Go to System Network DNS To add a default routeUsing the command line interface Configuring the FortiGate unit to operate in NAT/Route modeTo add/change the administrator password To configure interfacesExample Get system interfaceUsing the setup wizard To configure DNS server settingsSetup wizard settings Password External InterfaceDhcp server Internal serversConnecting the FortiGate unit to the networks Starting the setup wizardSetup wizard settings Antivirus FortiGate-60 NAT/Route mode connections FortiGate-60Configuring the networks Configuring the Modem interfaceGo to System Config Time To configure virus, attack, and spam definition updatesTo set the date and time To register the FortiGate unitGo to System Maintenance Update Center Transparent mode installation Preparing to configure Transparent modeTo change the Management IP Go to System Network Management Management IPReconnecting to the web-based manager To change to Transparent mode using the CLITo configure the management IP address To configure the default gatewayTo start the setup wizard Connecting the FortiGate unit to your network Internal To register your FortiGate unit Go to System Maintenance Update Center High availability installation Configuring FortiGate units for HA operationHigh availability configuration settings Priorities of heartbeat device and monitor prioritiesGroup ID MAC Address To change the FortiGate unit host name Configuring FortiGate units for HA using the CLI Config system global Set hostname namestr endConnecting the cluster to your networks To configure the FortiGate unit for HA operationHA network configuration To connect the clusterInstalling and configuring the cluster Installing and configuring the cluster Configuring the modem interface Selecting a modem modeRedundant mode configuration Standalone mode configuration To operate in standalone mode Go to System Network ModemConfiguring modem settings ModeAuto-dial Redundant forConnecting and disconnecting the modem in Standalone mode To configure modem settings Go to System Network ModemTo connect to a dialup account Go to System Network Modem Defining a Ping Server Dead gateway detectionTo disconnect the modem ISPAdding firewall policies for modem connections Index CLIIndex
Top Page Image Contents