Fortigate HA Cluster

A Fortigate HA (High Availability) Cluster is a configuration that links multiple Fortigate firewalls to work together as a single unit, providing redundancy and load balancing. This setup ensures continuous network availability by automatically transferring control to a standby unit if the active device fails, minimizing downtime and maintaining service continuity.


Active-Passive

First, configure all the interfaces on the Primary Node. Here we don't use an IP address on the Heartbeat interface because it will be linked through Layer 2.


Next, on System » HA, change the mode to Active-Passive and configure the Cluster Settings

Use Unicast Heartbeat to use Layer 3 for the Heartbeat link


On the Secondary node, all we need is the management interface


Then configure the same Cluster Settings


Now the HA Cluster has been established


Failing Over

On the Primary Node, we’ll disable the uplink and downlink interfaces to simulate a network failure


Now if we access the management interface, it'll automatically open the Secondary Node, and it also shows that the Secondary Node has become the active node


On the Endpoint side, no network drops are seen while the failover is happening


If we restore the network functionality on the Primary Node, it won't take the Active role; instead it'll stay as a standby node


To force a failover back to the Primary Node, run “execute ha failover status 1” or simply simulate a network failure on the Secondary Node


And now the Active node is back on the Primary
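
The Active-Passive settings above can also be entered from the FortiOS CLI. The sketch below is an added example, not taken from the original post; the interface names (port1, port2, port3), group name, group ID, priorities and the password placeholder are all assumptions to be replaced with your own values.

```fortios
# --- Primary Node ---
config system ha
    # Group ID, group name and password must match on every cluster member
    set group-id 1
    set group-name "HA-CLUSTER"
    set mode a-p
    # Placeholder: use a strong, unique heartbeat password
    set password <heartbeat-password>
    # Layer 2 heartbeat interface (no IP address configured on it)
    set hbdev "port3" 50
    # Sync session state so established sessions survive a failover
    set session-pickup enable
    # Override disabled (the default): a restored unit does not reclaim
    # the active role just because its priority is higher, consistent
    # with the Primary Node staying standby after recovery
    set override disable
    # Higher priority is preferred when the cluster first negotiates
    set priority 200
    # Monitored interfaces (assumed uplink and downlink): a link failure
    # on these is what triggers the failover
    set monitor "port1" "port2"
end

# --- Secondary Node (only the management interface is configured) ---
config system ha
    set group-id 1
    set group-name "HA-CLUSTER"
    set mode a-p
    set password <heartbeat-password>
    set hbdev "port3" 50
    set session-pickup enable
    set override disable
    set priority 100
    set monitor "port1" "port2"
end

# Run on either node to confirm cluster membership and current roles
get system ha status
```

Only interfaces listed under monitor cause a failover when they go down, so the uplink and downlink disabled in the test need to be in that list.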


Active-Active

To configure the HA Cluster to be Active-Active, repeat the process but simply change the HA mode on both sides


And now the cluster is running as Active-Active


This post is licensed under CC BY 4.0 by the author.