Fortinet 127, 500A, FORTIGATE, Network Router - page 50

50 01-28005-0101-20041015 Fortinet Inc.

Configuring FortiGate units for HA using the CLI High availability installation

Inserting an HA cluster into your network temporarily interrupts communications on

the network because new physical connections are being made to route traffic through

the cluster. Also, starting the cluster interrupts network traffic until the individual

FortiGate units in the cluster are functioning and the cluster completes negotiation.

Cluster negotiation normally takes just a few seconds. During system startup and

negotiation all network traffic is dropped.

To connect the cluster

1Connect the cluster units:

• Connect the LAN interfaces of each FortiGate unit to a switch or hub connected to

a network.

• Connect port 1 of each FortiGate unit to a switch or hub connected to your internal

network.

• Connect port 2 of each FortiGate unit to a switch or hub connected to your external

network.

• Optionally connect ports 3, 5, and 6 of each FortiGate unit to switches or hubs

connected to other networks.

• Connect port 4 of each FortiGate unit to another switch or hub. By default port4 is

used for HA heartbeat communication. These interfaces should be connected

together for the HA cluster to function.

Figure 11:HA network configuration

Esc Enter

A

CONSOLE

56

USB LAN

1234

L1 L2 L3 L4

10/100 10/100/1000

Esc Enter

A

CONSOLE

56

USB LAN

1234

L1 L2 L3 L4

10/100 10/100/1000

Internet

Internal Network

Port 1

Port 1

Port 2

Port 2

Hub or

Switch

Hub or

Switch

Router

Port 4

Port 4

Contents

Main FortiGate 500A Installation Guide Versi on 2. 80 MR5 Page Table of Contents Page FortiGate-500A Installation Guide Version 2.80 MR5 Introduction Secure installation, configuration, and management Web-based manager Command line interface Setup wizard Document conventions 8 Fortinet documentation Comments on Fortinet technical documentation 10 Customer service and technical support Getting started 12 Package contents Mounting Dimensions Weight Power requirements Turning the FortiGate unit power on and off Connecting to the web-based manager Connecting to the command line interface (CLI) Factory default FortiGate configuration settings Factory default NAT/Route mode network configuration 18 Factory default Transparent mode network configuration Factory default firewall configuration Factory default protection profiles 20 Planning the FortiGate configuration NAT/Route mode NAT/Route mode with multiple external network connections 22 Transparent mode Configuration options Web-based manager and setup wizard CLI Page NAT/Route mode installation Preparing to configure the FortiGate unit in NAT/Route mode 26 DHCP or PPPoE configuration Using the web-based manager Configuring basic settings 28 Using the front control buttons and LCD Using the command line interface Configuring the FortiGate unit to operate in NAT/Route mode Page Page Using the setup wizard Starting the setup wizard Connecting the FortiGate unit to the network(s) FortiGate-500A Configuring the networks Page Transparent mode installation Preparing to configure Transparent mode Using the web-based manager Reconnecting to the web-based manager Using the front control buttons and LCD Using the command line interface Page 42 Using the setup wizard Reconnecting to the web-based manager Connecting the FortiGate unit to your network FortiGate-500A Page High availability installation Priorities of heartbeat device and monitor priorities Configuring FortiGate units for HA operation High availability configuration settings Page Configuring FortiGate units for HA using the web-based manager 48 Configuring FortiGate units for HA using the CLI Connecting the cluster to your networks Page Installing and configuring the cluster Page Index