To connect the cluster, HA network configuration | Fortinet MR8

Connecting the cluster to your networks	High availability installation

Inserting an HA cluster into your network temporarily interrupts communications on the network because new physical connections are being made to route traffic through the cluster. Also, starting the cluster interrupts network traffic until the individual FortiGate units in the cluster are functioning and the cluster completes negotiation. Cluster negotiation normally takes just a few seconds. During system startup and negotiation all network traffic is dropped.

To connect the cluster

1Connect the cluster units:

•Connect the internal interfaces of each FortiGate unit to a switch or hub connected to your internal network.

•Connect the WAN1 interfaces of each FortiGate unit to a switch or hub connected to your external network.

•Connect the DMZ interfaces of the FortiGate units to another switch or hub. By default the DMZ interfaces are used for HA heartbeat communications. These interfaces should be connected together for the HA cluster to function.

•Optionally connect the WAN2 interface of each FortiGate unit to a switch or hub connected a second external network.

Figure 12: HA network configuration

Internal Network

Internal WAN1

			INTERNAL
PWR	STATUS	1	2	3	4	DMZ	WAN1	WAN2
		LINK 100	LINK 100	LINK 100	LINK 100	LINK 100	LINK 100	LINK 100

Hub or					DMZ				Hub or
Switch									Switch

DMZ

			INTERNAL
PWR	STATUS	1	2	3	4	DMZ	WAN1	WAN2
		LINK 100	LINK 100	LINK 100	LINK 100	LINK 100	LINK 100	LINK 100

Router

Internal WAN1

Internet

52

01-28008-0018-20050128

Fortinet Inc.

Image 52

Fortinet MR8 manual To connect the cluster, HA network configuration

Contents

Installation Guide January 01-28008-0018-20050128 Trademarks Regulatory Compliance Table of Contents Index Secure installation, configuration, and management Introduction Command line interface Web-based manager Setup wizard Document conventions FortiGate Installation Guide FortiGate documentation Related documentation Fortinet Knowledge CenterComments on Fortinet technical documentation FortiManager documentation FortiMail documentation Customer service and technical supportFortiLog documentation Customer service and technical support Customer service and technical support Getting started Package contents Mounting Turning the FortiGate unit power on and off Power requirementsEnvironmental specifications To power on the FortiGate unit Connecting to the web-based manager To connect to the web-based manager Connecting to the command line interface CLI To connect to the CLIBits per second 9600 Data bits Parity Stop bits Flow control Quick installation using factory defaults Go to System Network DNS Factory default FortiGate configuration settings Factory default Dhcp server configuration Factory default NAT/Route mode network configuration Factory default Transparent mode network configuration Factory default firewall configurationAdministrative access Management IP Strict Factory default protection profilesScan Planning the FortiGate configuration NAT/Route mode NAT/Route mode with multiple external network connections Example NAT/Route mode network configuration Transparent mode Example NAT/Route multiple internet connection configuration Web-based manager and setup wizard Configuration optionsNext steps NAT/Route mode installation Preparing to configure the FortiGate unit in NAT/Route mode Dhcp or PPPoE configuration Using the web-based managerPPPoE settings User name Password Configuring basic settings To configure interfaces Go to System Network InterfaceTo configure DNS server settings Go to System Network DNS To add a default route Using the command line interface Configuring the FortiGate unit to operate in NAT/Route modeTo add/change the administrator password To configure interfaces Example Get system interface Using the setup wizard To configure DNS server settings Setup wizard settings Password External InterfaceDhcp server Internal servers Starting the setup wizard Connecting the FortiGate unit to the networksSetup wizard settings Antivirus FortiGate-60 NAT/Route mode connections FortiGate-60 Configuring the networks Configuring the Modem interface Go to System Config Time To configure virus, attack, and spam definition updatesTo set the date and time To register the FortiGate unit Go to System Maintenance Update Center Transparent mode installation Preparing to configure Transparent mode To change the Management IP Go to System Network Management Management IP Reconnecting to the web-based manager To change to Transparent mode using the CLI To configure the management IP address To configure the default gateway To start the setup wizard Connecting the FortiGate unit to your network Internal To register your FortiGate unit Go to System Maintenance Update Center High availability installation Configuring FortiGate units for HA operationHigh availability configuration settings Priorities of heartbeat device and monitor priorities Group ID MAC Address To change the FortiGate unit host name Configuring FortiGate units for HA using the CLI Config system global Set hostname namestr end Connecting the cluster to your networks To configure the FortiGate unit for HA operation HA network configuration To connect the cluster Installing and configuring the cluster Installing and configuring the cluster Selecting a modem mode Configuring the modem interfaceRedundant mode configuration Standalone mode configuration To operate in standalone mode Go to System Network Modem Configuring modem settings ModeAuto-dial Redundant for To configure modem settings Go to System Network Modem Connecting and disconnecting the modem in Standalone modeTo connect to a dialup account Go to System Network Modem Defining a Ping Server Dead gateway detectionTo disconnect the modem ISP Adding firewall policies for modem connections Index CLI Index