Fortinet manual FortiGate HA between two FortiGate-5020 chassis

FortiGate HA between two FortiGate-5020 chassis

The FortiGate-5020 chassis does not support direct ethernet connections between two or more FortiGate-5020 chassis. To configure HA for FortiGate modules installed in two different FortiGate-5020 chassis you must use one or two of the front panel interfaces of the FortiGate modules as HA heartbeat interfaces. Using two (or more) heartbeat interfaces is recommended for redundancy.

The following diagram shows an example of how to connect four FortiGate- 5001SX units installed in two FortiGate-5020 chassis to make a cluster of 4 FortiGate-5001SX units.

This example cluster has a relatively basic network configuration. In the configuration, port1 connects to an internal network and port2 connects to the Internet. Port3 to port8 are available to be connected as HA heartbeat interfaces. This example uses port7 and port8 as the HA heartbeat interfaces.

Figure 3: Network and HA heartbeat connections

Internal Network

Switch

port8 (HA heartbeat) Switch

port2 (Internet)

Internet

Changing the HA heartbeat interface configuration

To configure FortiGate-5001SX cluster units for HA heartbeat interface connections between modules installed in two FortiGate-5020 chassis, you must change the default FortiGate-5001SX HA heartbeat interface configuration.

By default the FortiGate-5001SX HA heartbeat configuration uses port9 and port10 (the backplane interfaces) for HA heartbeat interfaces. To configure HA heartbeat interfaces for this example configuration, select port7 and port8 to be HA heartbeat interfaces and unselect port9 and port10.