Fortinet 60c manual To connect the cluster, HA network configuration

Page 52

Connecting the cluster to your networks

High availability installation

 

 

Inserting an HA cluster into your network temporarily interrupts communications on the network because new physical connections are being made to route traffic through the cluster. Also, starting the cluster interrupts network traffic until the individual FortiGate units in the cluster are functioning and the cluster completes negotiation. Cluster negotiation normally takes just a few seconds. During system startup and negotiation all network traffic is dropped.

To connect the cluster

1Connect the cluster units:

Connect the internal interfaces of each FortiGate unit to a switch or hub connected to your internal network.

Connect the WAN1 interfaces of each FortiGate unit to a switch or hub connected to your external network.

Connect the DMZ interfaces of the FortiGate units to another switch or hub. By default the DMZ interfaces are used for HA heartbeat communications. These interfaces should be connected together for the HA cluster to function.

Optionally connect the WAN2 interface of each FortiGate unit to a switch or hub connected a second external network.

Figure 12: HA network configuration

Internal Network

Internal WAN1

 

 

 

INTERNAL

 

 

 

 

PWR

STATUS

1

2

3

4

DMZ

WAN1

WAN2

 

 

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

Hub or

 

 

 

 

DMZ

Hub or

Switch

 

 

 

 

 

 

 

 

Switch

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

DMZ

 

 

 

INTERNAL

 

 

 

 

PWR

STATUS

1

2

3

4

DMZ

WAN1

WAN2

 

 

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

LINK 100

Router

Internal WAN1

Internet

52

01-28008-0018-20050128

Fortinet Inc.

Page 51 Page 53
Image 52
Page 51 Page 53
Contents Installation Guide January 01-28008-0018-20050128Trademarks Regulatory ComplianceTable of Contents Index Secure installation, configuration, and management IntroductionCommand line interface Web-based managerSetup wizard Document conventionsFortiGate Installation Guide FortiGate documentationRelated documentation Fortinet Knowledge CenterComments on Fortinet technical documentation FortiManager documentationFortiMail documentation Customer service and technical supportFortiLog documentation Customer service and technical support Customer service and technical support Getting started Package contents MountingTurning the FortiGate unit power on and off Power requirementsEnvironmental specifications To power on the FortiGate unitConnecting to the web-based manager To connect to the web-based managerConnecting to the command line interface CLI To connect to the CLIBits per second 9600 Data bits Parity Stop bits Flow controlQuick installation using factory defaults Go to System Network DNSFactory default FortiGate configuration settings Factory default Dhcp server configurationFactory default NAT/Route mode network configuration Factory default Transparent mode network configuration Factory default firewall configurationAdministrative access Management IPStrict Factory default protection profilesScan Planning the FortiGate configuration NAT/Route modeNAT/Route mode with multiple external network connections Example NAT/Route mode network configurationTransparent mode Example NAT/Route multiple internet connection configurationWeb-based manager and setup wizard Configuration optionsNext steps NAT/Route mode installation Preparing to configure the FortiGate unit in NAT/Route modeDhcp or PPPoE configuration Using the web-based managerPPPoE settings User name Password Configuring basic settings To configure interfaces Go to System Network InterfaceTo configure DNS server settings Go to System Network DNS To add a default routeUsing the command line interface Configuring the FortiGate unit to operate in NAT/Route modeTo add/change the administrator password To configure interfacesExample Get system interfaceUsing the setup wizard To configure DNS server settingsSetup wizard settings Password External InterfaceDhcp server Internal serversStarting the setup wizard Connecting the FortiGate unit to the networksSetup wizard settings Antivirus FortiGate-60 NAT/Route mode connections FortiGate-60Configuring the networks Configuring the Modem interfaceGo to System Config Time To configure virus, attack, and spam definition updatesTo set the date and time To register the FortiGate unitGo to System Maintenance Update Center Transparent mode installation Preparing to configure Transparent modeTo change the Management IP Go to System Network Management Management IPReconnecting to the web-based manager To change to Transparent mode using the CLITo configure the management IP address To configure the default gatewayTo start the setup wizard Connecting the FortiGate unit to your network InternalTo register your FortiGate unit Go to System Maintenance Update Center High availability installation Configuring FortiGate units for HA operationHigh availability configuration settings Priorities of heartbeat device and monitor prioritiesGroup ID MAC Address To change the FortiGate unit host name Configuring FortiGate units for HA using the CLI Config system global Set hostname namestr endConnecting the cluster to your networks To configure the FortiGate unit for HA operationHA network configuration To connect the clusterInstalling and configuring the cluster Installing and configuring the cluster Selecting a modem mode Configuring the modem interfaceRedundant mode configuration Standalone mode configuration To operate in standalone mode Go to System Network ModemConfiguring modem settings ModeAuto-dial Redundant forTo configure modem settings Go to System Network Modem Connecting and disconnecting the modem in Standalone modeTo connect to a dialup account Go to System Network Modem Defining a Ping Server Dead gateway detectionTo disconnect the modem ISPAdding firewall policies for modem connections Index CLIIndex
Top Page Image Contents