
FortiGate-5000 active-active HA cluster with FortiClient licenses


This section describes how to configure an HA cluster of three FortiGate-5001C units that connect an internal network to the Internet. The FortiGate-5001C units each have a FortiClient license installed on them to support FortiClient profiles.

Normally it is recommended that you add FortiClient licenses to the FortiGate units before setting up the cluster. This example, however, describes how to apply FortiClient licenses to the FortiGate units in an operating cluster.

Example network topology

The following diagram shows an HA cluster consisting of three FortiGate-5001C cluster units (host names slot-3, slot-4, and slot-5) installed in a FortiGate-5000 series chassis with two FortiSwitch-5003B units for heartbeat communication between the cluster units. The cluster applies security features including FortiClient profiles to data traffic passing through it.

The cluster is managed from the internal network using the FortiGate-5001C mgmt1 interfaces configured as HA reserved management interfaces. Using these reserved management interfaces, the overall cluster can be managed and cluster units can be managed individually. Individual management access to each cluster unit makes some operations, such as installing FortiClient licenses, easier and also allows you to view the status of each cluster unit.

The reserved management interface of each cluster unit has a different IP address and retains its own MAC address. The cluster does not change the reserved management interface MAC address.