FortiGate-5000 active-active HA cluster with FortiClient licenses

To view cluster status

As you add units to the cluster you can log into the web-based manager of one of the cluster units to view the status of the cluster. The status displays will show each unit as it is added to the cluster.

1. Log into the primary unit or any cluster unit and view the system dashboard.

The System Information dashboard widget shows the Cluster Name (example3.com) and the host names and serial numbers of the Cluster Members. The Unit Operation widget shows multiple cluster units.

2. Go to System > HA to view the cluster members list.

The list shows three cluster units, their host names, their roles in the cluster, and their priorities. You can check this list at any time to confirm that the cluster is operating normally.

If the cluster members list and the dashboard do not display all of the cluster units, the units are not functioning as a cluster.

 

To troubleshoot the cluster

See FortiGate-5000 active-active HA cluster with FortiClient licenses on page 1385.

 

To manage each cluster unit

Because you have configured a reserved management interface, you can manage each cluster unit separately by connecting to the IP address you configured for each unit’s mgmt1 interface. You can view the status of each cluster unit and make changes to each unit’s configuration. For example, as described below, each cluster unit must have its own FortiClient license. You can use the reserved management IP addresses to connect to each cluster unit to install the FortiClient license for that unit.

Usually you would make configuration changes by connecting to the primary unit and changing its configuration. The cluster then synchronizes the configuration changes to all cluster units. If you connect to individual cluster units and change their configuration, those configuration changes are also synchronized to each cluster unit. The exception to this is configuration objects that are not synchronized, such as the host name, FortiClient license and so on.

You can also manage each cluster unit by logging into the primary unit CLI and using the following command to connect to other cluster units:

execute ha manage <cluster-index>

 

To add basic configuration settings to the cluster

Use the following steps to configure the cluster.

1. Log into the cluster web-based manager.

You can log into the primary unit or any one of the cluster units using the appropriate mgmt1 IP address.

2. Go to System > Admin > Administrators.

3. Edit admin and select Change Password.

4. Enter and confirm a new password.

5. Select OK.

6. Go to System > Network > Interface and edit the port1 interface. Set this interface's IP address to the address required to connect the interface to the Internet.

7. Edit the port2 interface and set its IP to an IP address for the internal network.
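The same basic settings can be entered from the primary unit CLI. The block below is an added example, not part of the original handbook text. The password and both IP addresses are placeholders to replace with your own values, and the lines beginning with # are annotations that can be left out when typing the commands.

```fortios
# Added example. Placeholder values: <new-password>, 203.0.113.10, 192.0.2.99.
# Steps 2-5: replace the password of the admin account.
config system admin
    edit admin
        set password <new-password>
    next
end
# Steps 6-7: address the Internet-facing (port1) and internal (port2) interfaces.
config system interface
    edit port1
        set ip 203.0.113.10 255.255.255.0
    next
    edit port2
        set ip 192.0.2.99 255.255.255.0
    next
end
# Confirm that every unit is still listed as a cluster member.
get system ha status
```

Because these settings are synchronized, entering them once on the primary unit is enough. To check an individual unit afterwards, connect to it with execute ha manage <cluster-index>.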

This entry was posted in FortiOS 5.4 Handbook.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
