高可用性

NAT/ 路由模式下的 HA

 

 

IP

根据 IP 地址的负载衡。如果 FortiGate 设备使用交换机连接,选择

 

IP 负载衡可以根据包的源 IP 地址和目的 IP 地址将通讯分配到 HA 簇

 

的设备上。

IP 端口

根据 IP 地址和端口的负载衡。如果 FortiGate 设备使用交换机连接,

 

选择 IP 和端口负载衡可以根据包的源 IP 地址、目的 IP 地址、源端

 

口、目的端口将通讯分配到 HA 簇的设备上。

8 监视器 的选项中,选择要监视的的 FortiGate 网络接口的名称。

监视 FortiGate 接口可以确认它们是否已经连接到他们的网络上并且工作正常。如果 一个被监视的接口失效或者从它的网络断开,FortiGate 设备将停止处理通讯并从这个 HA 簇中删除。如果您重建通过这个接口的通讯流 (例如,如果您重新连接了一个断开 的线缆),FortiGate 设备将重新加入 HA 簇。您只能监视连接到网络的接口。

9 单击应用。

FortiGate 设备相互协商以建立一个 HA 簇。当您选择了应用之后,在 HA 簇协商期间您 可能会暂时丢失到 FortiGate 设备的连接。

图 14: 主动 - 主动 HA 配置举例

10对于 HA 簇中的每个 FortiGate 重复以上操作。

当您配置完全部的 FortiGate 设备之后,可以进行 将 HA 簇连接到您的网络操作。

将 HA 连接到您的网络

要将 HA 簇接入您的网络,您必须将 HA 簇内所有对应的接口连接到同一个集线器或 交换机上。然后您必须将这些接口通过相同的交换机或集线器分别连接到对应的网络 上。

还有,您必须将这一 HA 簇中所有的 HA 接口连接到同一交换机或集线器上。您还需 要将一台管理员电脑连接到这个交换机或集线器上。这个簇中的设备将一直进行 HA 状 态通讯以确保簇工作正常。因此,这个簇中全部 FortiGate 设备的 HA 接口之间的连接 必须妥善地维护。这个通讯的任何中断都将导致不可预料的后果。

建议您使用交换机以提高网络的性能。

FortiGate-500 安装和配置指南

63

Page 75
Image 75
Fortinet 500 manual Ha 簇连接到您的网络, 14 主动 主动 HA 配置举例

500 specifications

Fortinet 500 is a next-generation firewall (NGFW) that is part of Fortinet's acclaimed FortiGate family, designed to provide advanced security for medium to large enterprises. This appliance is known for its high performance, flexibility, and ability to protect networks from a variety of cyber threats through its robust features and technologies.

One of the main features of the Fortinet 500 is its integrated security capabilities. It combines multiple security functions into a single device, allowing organizations to manage everything from intrusion prevention and antivirus to web filtering and application control. This integration leads to simplified management and increased efficiency, as users can address multiple security needs without deploying multiple devices.

The Fortinet 500 runs on the FortiOS operating system, which is known for its simplicity and user-friendliness. FortiOS provides a centralized management interface that allows for the easy configuration and monitoring of security policies across the entire network. Additionally, the Fortinet management tools, such as FortiManager and FortiAnalyzer, enable detailed insights and reporting capabilities, helping organizations stay compliant with their security mandates.

Another characteristic that sets Fortinet 500 apart is its advanced threat intelligence, powered by the FortiGuard Labs. This global threat intelligence system continuously updates the firewall with the latest threat signatures and attack vectors, ensuring that organizations stay ahead of emerging threats. The firewall also employs machine learning and artificial intelligence to detect and mitigate sophisticated attacks in real-time.

Performance is crucial in any security appliance, and the Fortinet 500 does not disappoint. With hardware acceleration and purpose-built security processors, it delivers high throughput levels, enabling organizations to maintain productivity without sacrificing security. This level of performance is particularly beneficial in environments with heavy traffic and bandwidth demands.

In addition to these core features, the Fortinet 500 supports seamless integration with other security solutions within the Fortinet Security Fabric. This comprehensive approach allows for greater visibility and control over the entire security posture of an organization.

Overall, the Fortinet 500 is a powerful NGFW that offers a blend of advanced security features, ease of management, top-notch performance, and robust threat intelligence. Its ability to adapt to the ever-evolving landscape of cybersecurity makes it a valuable asset for businesses seeking to safeguard their digital assets and ensure seamless network operation.