Fortinet 400 manual HA in NAT/Route mode, Installing and configuring the FortiGate units

During startup the members of the HA cluster negotiate to select the primary unit. The primary unit allows other FortiGate units to join the HA cluster as subordinate units and assigns each subordinate unit a priority.

The FortiGate units in the HA cluster communicate status and session information using their HA interfaces. All FortiGate units in the cluster maintain all session information. For load balancing, when the primary FortiGate unit forwards a packet to a subordinate unit it sends the packet back out the interface on which it received the packet to the corresponding interface on the subordinate FortiGate unit.

If the primary FortiGate unit fails, the first subordinate unit to register that the primary unit has failed becomes the new primary unit. The new primary unit notifies the other FortiGate units that it is the new primary unit and resets the priority of each of the remaining subordinate units. The new primary unit also redistributes communication sessions among the units in the HA cluster.

During a fail-over, the new primary FortiGate unit notifies the adjacent networking devices so that the entire network can quickly converge to the new data path. The new primary unit also alerts administrators of the changes to the HA cluster by writing a message to the event log, sending an SNMP trap (if SNMP is enabled), and sending an alert email.

If a subordinate FortiGate unit fails, the primary unit writes a message to the event log, and sends an SNMP trap and an alert email. The primary unit also adjusts the priority of each of the remaining units in the HA cluster.

HA in NAT/Route mode

Use the following steps to configure a group of FortiGate units to operate as an HA cluster in NAT/Route mode.

•Installing and configuring the FortiGate units

•Configuring the HA interfaces

•Configuring the HA cluster

•Connecting the HA cluster to your network

•Starting the HA cluster

Installing and configuring the FortiGate units

Follow the instructions in “NAT/Route mode installation” on page 45 to install and configure the FortiGate units. All of the FortiGate units in the HA cluster should have the same configuration. Do not connect the FortiGate units to the network. Instead, proceed to “Configuring the HA interfaces”.

Configuring the HA interfaces

Configure the 4/HA interfaces of all of the FortiGate-400s in the HA cluster to operate in HA mode. When you switch the 4/HA interface to HA mode, the System > Config > HA options become active. When running in HA mode, the 4/HA interfaces cannot be connected to a network because they are dedicated to HA communication.