Configuring an HA cluster

System config

 

 

Monitor priorities

Monitor priorities and link failover is not supported for the internal interface.

Enable or disable monitoring a FortiGate interface to verify that the interface is functioning properly and connected to its network. If a monitored interface fails or is disconnected from its network the interface leaves the cluster. The cluster reroutes the traffic being processed by that interface to the same interface of another cluster unit in the cluster that still has a connection to the network. This other cluster unit becomes the new primary cluster unit.

If you can re-establish traffic flow through the interface (for example, if you re-connect a disconnected network cable) the interface rejoins the cluster. If Override Master is enabled for this FortiGate unit (see “Override Master” on page 87), this FortiGate unit becomes the primary unit in the cluster again.

Note: Only monitor interfaces that are connected to networks.

Note: You can monitor physical interfaces, but not VLAN subinterfaces.

Increase the priority of interfaces connected to higher priority networks or networks with more traffic. The monitor priority range is 0 to 512.

If a high priority interface on the primary cluster unit fails, one of the other units in the cluster becomes the new primary unit to provide better service to the high priority network.

If a low priority interface fails on one cluster unit and a high priority interface fails on another cluster unit, a unit in the cluster with a working connection to the high priority interface would, if it becomes necessary to negotiate a new primary unit, be selected instead of a unit with a working connection to the low priority interface.

Configuring an HA cluster

Use the following procedures to create an HA cluster consisting of two or more FortiGate units. These procedures describe how to configure each of the FortiGate units for HA operation and then how to connect the FortiGate units to form a cluster. Once the cluster is connected you can configure it in the same way as you would configure a standalone FortiGate unit.

To configure a FortiGate unit for HA operation

Each FortiGate unit in the cluster must have the same HA configuration. Use the following procedure to configure each FortiGate unit for HA operation.

Note: The following procedure does not include steps for configuring interface heartbeat devices and interface monitoring. Both of these HA settings should be configured after the cluster is up and running.

90

01-28007-0068-20041203

Fortinet Inc.

Page 89 Page 91
Page 90
Image 90
Fortinet 100A manual Monitor priorities, Configuring an HA cluster, To configure a FortiGate unit for HA operation
Page 89 Page 91

100A specifications

Fortinet 100A is a versatile network security device designed to provide comprehensive protection against various cyber threats while ensuring optimal network performance. As part of the FortiGate series, the 100A combines advanced security features with powerful hardware capabilities, making it suitable for small to medium-sized businesses.

One of the key features of the Fortinet 100A is its deep packet inspection technology. This capability allows the firewall to analyze both the header and payload of packets traversing the network, enabling it to detect and block malicious content effectively. The 100A can identify and mitigate a wide range of threats, including malware, intrusions, and application-layer attacks.

The FortiOS operating system powers the Fortinet 100A, offering a robust and user-friendly interface for configuration and management. With its unified security management console, administrators can efficiently monitor network traffic and enforce security policies across the organization. The system provides centralized logging and reporting features, enabling users to gain valuable insights into their security posture and respond swiftly to incidents.

The 100A supports multiple deployment modes, including transparent, NAT, and route modes. This flexibility allows organizations to integrate the device into their existing network architecture with ease. The firewall's high throughput capabilities ensure that network performance remains unaffected, even under heavy load from multiple users and devices.

Another notable aspect of the Fortinet 100A is its support for various VPN technologies, including IPsec and SSL VPN. This feature facilitates secure remote access for employees, enabling them to connect to the corporate network safely, regardless of their location. As remote work continues to be a norm in many sectors, this capability is critical for maintaining productivity and security.

In addition to these features, the Fortinet 100A provides comprehensive web filtering capabilities, protecting users from harmful websites and inappropriate content. This protection is essential for organizations looking to maintain a secure and productive environment.

With its combination of powerful security features, flexible deployment options, and robust performance, the Fortinet 100A stands out as an ideal solution for organizations seeking to bolster their cybersecurity measures while ensuring seamless connectivity for users. As cyber threats continue to evolve, investing in a capable device like the FortiGate 100A is crucial for maintaining a secure network infrastructure.
Top Page Image Contents