高可用性

透明模式下的 HA

 

 

随机负载衡。如果 FortiGate 设备使用交换机连接,选择随机负载

 

衡可以将通讯随机分配到 HA 簇中的设备上。

IP

根据 IP 地址的负载衡。如果 FortiGate 设备使用交换机连接,选择

 

IP 负载衡可以根据包的源 IP 地址和目的 IP 地址将通讯分配到 HA 簇

 

的设备上。

IP 端口

根据 IP 地址和端口的负载衡。如果 FortiGate 设备使用交换机连接,

 

选择 IP 和端口负载衡可以根据包的源 IP 地址、目的 IP 地址、源端

 

口、目的端口将通讯分配到 HA 簇的设备上。

8 监视器 的选项中,选择要监视的的 FortiGate 网络端口。

监视 FortiGate 接口可以确认它们是否已经连接到他们的网络上并且工作正常。如果 一个被监视的接口失效或者从它的网络断开,FortiGate 设备将停止处理通讯并从这个 HA 簇中删除。如果您重建通过这个接口的通讯流 (例如,如果您重新连接了一个断开 的线缆),FortiGate 设备将重新加入 HA 簇。您只能监视连接到网络的接口。

9 单击应用。

FortiGate 设备相互协商以建立一个 HA 簇。当您选择了应用之后,在 HA 簇协商期间您 可能会暂时丢失到 FortiGate 设备的连接。

图 16: 主动 - 被动 HA 配置举例

10对 HA 簇中的每个 FortiGate 设备重复以上操作。

当您完成了对每个 FortiGate 设备的配置工作之后,可以进入下一步 将 HA 簇 连接到您的网络中

将 HA 连接到您的网络中

要将 HA 簇接入您的网络,必须将 HA 簇内所有对应的接口连接到同一个集线器或交 换机上。然后您必须将这些接口通过相同的交换机或集线器分别连接到对应的网络上。

还有,您必须将这一 HA 簇中所有的 HA 接口连接到同一交换机或集线器上。此外还 需要将一台管理员电脑连接到这个交换机或集线器上。

建议使用交换机以提高网络的性能。

FortiGate-500 安装和配置指南

67

Page 79
Image 79
Fortinet 500 manual Ha 簇连接到您的网络中, 16 主动 被动 HA 配置举例

500 specifications

Fortinet 500 is a next-generation firewall (NGFW) that is part of Fortinet's acclaimed FortiGate family, designed to provide advanced security for medium to large enterprises. This appliance is known for its high performance, flexibility, and ability to protect networks from a variety of cyber threats through its robust features and technologies.

One of the main features of the Fortinet 500 is its integrated security capabilities. It combines multiple security functions into a single device, allowing organizations to manage everything from intrusion prevention and antivirus to web filtering and application control. This integration leads to simplified management and increased efficiency, as users can address multiple security needs without deploying multiple devices.

The Fortinet 500 runs on the FortiOS operating system, which is known for its simplicity and user-friendliness. FortiOS provides a centralized management interface that allows for the easy configuration and monitoring of security policies across the entire network. Additionally, the Fortinet management tools, such as FortiManager and FortiAnalyzer, enable detailed insights and reporting capabilities, helping organizations stay compliant with their security mandates.

Another characteristic that sets Fortinet 500 apart is its advanced threat intelligence, powered by the FortiGuard Labs. This global threat intelligence system continuously updates the firewall with the latest threat signatures and attack vectors, ensuring that organizations stay ahead of emerging threats. The firewall also employs machine learning and artificial intelligence to detect and mitigate sophisticated attacks in real-time.

Performance is crucial in any security appliance, and the Fortinet 500 does not disappoint. With hardware acceleration and purpose-built security processors, it delivers high throughput levels, enabling organizations to maintain productivity without sacrificing security. This level of performance is particularly beneficial in environments with heavy traffic and bandwidth demands.

In addition to these core features, the Fortinet 500 supports seamless integration with other security solutions within the Fortinet Security Fabric. This comprehensive approach allows for greater visibility and control over the entire security posture of an organization.

Overall, the Fortinet 500 is a powerful NGFW that offers a blend of advanced security features, ease of management, top-notch performance, and robust threat intelligence. Its ability to adapt to the ever-evolving landscape of cybersecurity makes it a valuable asset for businesses seeking to safeguard their digital assets and ensure seamless network operation.