FortiGate-5000 active-active HA cluster with FortiClient licenses

To add a password for the admin administrative account

1. Add a password for the admin administrative account.

config system admin
    edit admin
        set password <psswrd>
    end

 

To add basic configuration settings to the cluster

Use the following steps to configure the cluster.

1. Log into the cluster CLI.

You can log into the primary unit or any one of the cluster units using the appropriate mgmt1 IP address.

2. Add a password for the admin administrative account.

config system admin
    edit admin
        set password <psswrd>
    end

3. Set the port1 interface IP address to the address required to connect the interface to the Internet.

config system interface
    edit port1
        set ip 10.10.10.10/24
    end

4. Set the port2 interface IP address to the address required to connect the interface to the internal network.

config system interface
    edit port2
        set ip 172.20.120.12/24
    end

 

To add a FortiClient license to each cluster unit

Normally you would add FortiClient licenses to the FortiGate units before forming the cluster. However, you can use the following steps to add FortiClient licenses to an operating cluster.

Contact your reseller to purchase FortiClient licenses for your cluster units. Each cluster unit must have its own FortiClient license.

When you receive the license keys you can log into https://support.fortinet.com and add a FortiClient license key to each licensed FortiGate unit. Then, as long as the cluster can connect to the Internet the license keys are downloaded from the FortiGuard network to all of the FortiGate units in the cluster.

You can also use the following steps to manually add the license keys to your cluster units from the CLI. Your cluster must be connected to the Internet.

1. Log into the CLI of each cluster unit using its reserved management interface IP address.

2. Enter the following command to display the unit's serial number:

get system status

3. Enter the following command to add the license key for that serial number:

execute FortiClient-NAC update-registration-license <license-key>

4. Confirm that the license has been installed and the correct number of FortiClients are licensed.

execute forticlient info

Maximum FortiClient connections: unlimited.
Licensed connections: 114
    NAC: 114
    WANOPT: 0
    Test: 0
Other connections:
    IPsec: 0
    SSLVPN: 0

5. Repeat for all of the cluster units.

You can also log into the primary unit CLI and use the execute ha manage command to connect to each cluster unit CLI.
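Because each cluster unit must carry its own FortiClient license, it is worth checking every unit after step 5 rather than trusting that the key was accepted on each one. The script below is an added example, not FortiOS code or a Fortinet tool: it parses the text that "get system status" and "execute forticlient info" print (in practice collected from each unit over SSH or through "execute ha manage"; here replaced by constructed samples with placeholder serial numbers) and reports any unit whose licensed-connection count is zero. The counts are copied from the output shown above; the parser tolerates several label/value pairs on one line because the raw CLI text may be laid out that way.

```python
"""Check that every unit in a FortiGate HA cluster reports a FortiClient license.

Added example, not FortiOS code. It parses the text printed by
`get system status` and `execute forticlient info` on each cluster unit
and flags units whose licensed-connection count is zero.
"""
import re
from typing import Dict, Optional, Union

# Constructed sample output for two cluster units. The serial numbers are
# placeholders; unit-a copies the counts shown in the handbook excerpt,
# unit-b is constructed to show a unit that has no license installed.
SAMPLE_STATUS: Dict[str, str] = {
    "unit-a": "Hostname: fg5000-a\nSerial-Number: FG5000-CONSTRUCTED-A\n",
    "unit-b": "Hostname: fg5000-b\nSerial-Number: FG5000-CONSTRUCTED-B\n",
}
SAMPLE_INFO: Dict[str, str] = {
    "unit-a": (
        "Maximum FortiClient connections: unlimited. Licensed connections: 114\n"
        "NAC: 114\nWANOPT: 0\nTest: 0\n"
        "Other connections: IPsec: 0\nSSLVPN: 0\n"
    ),
    "unit-b": (
        "Maximum FortiClient connections: unlimited. Licensed connections: 0\n"
        "NAC: 0\nWANOPT: 0\nTest: 0\n"
        "Other connections: IPsec: 0\nSSLVPN: 0\n"
    ),
}

# "Serial-Number: <value>" line from `get system status`.
SERIAL_RE = re.compile(r"^Serial-Number:\s*(\S+)", re.MULTILINE)
# "<label>: <number|unlimited>" pairs; several pairs may share one line, and a
# label followed by another label (e.g. "Other connections: IPsec: 0") is
# skipped so that only "IPsec: 0" is captured.
COUNT_RE = re.compile(r"([A-Za-z][A-Za-z ]*?):\s*(unlimited|\d+)")


def parse_serial(status_text: str) -> Optional[str]:
    """Return the Serial-Number value from `get system status` output, or None."""
    m = SERIAL_RE.search(status_text)
    return m.group(1) if m else None


def parse_forticlient_info(info_text: str) -> Dict[str, Union[int, str]]:
    """Turn `execute forticlient info` output into {label: count}.

    Numeric counts become int; 'unlimited' is kept as the string.
    """
    counts: Dict[str, Union[int, str]] = {}
    for label, value in COUNT_RE.findall(info_text):
        counts[label.strip()] = value if value == "unlimited" else int(value)
    return counts


def licensed_connections(info_text: str) -> int:
    """Licensed FortiClient connections reported by a unit (0 if absent)."""
    value = parse_forticlient_info(info_text).get("Licensed connections", 0)
    return value if isinstance(value, int) else 0


def unlicensed_units(status_by_unit: Dict[str, str],
                     info_by_unit: Dict[str, str]) -> Dict[str, str]:
    """Map unit name -> serial for every unit reporting zero licensed connections.

    A unit whose serial cannot be parsed is reported as 'unknown', since the
    license key is tied to the serial number and cannot be confirmed without it.
    """
    missing: Dict[str, str] = {}
    for unit, status in status_by_unit.items():
        serial = parse_serial(status) or "unknown"
        if licensed_connections(info_by_unit.get(unit, "")) == 0:
            missing[unit] = serial
    return missing


if __name__ == "__main__":
    for unit, serial in unlicensed_units(SAMPLE_STATUS, SAMPLE_INFO).items():
        print(f"{unit} ({serial}): no FortiClient license reported")
```

With the constructed samples the script reports only unit-b; in use, replace the two dictionaries with the text captured from each unit's CLI and re-run after adding a key for the serial number it names.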

This entry was posted in FortiOS 5.4 Handbook.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
