Preparing the FortiGates before setting up a FGCP cluster
Before creating an FGCP cluster you should complete the following setup on each FortiGate.
DHCP and PPPoE
Make sure your FortiGate interfaces are configured with static IP addresses. If any interface gets its address using DHCP or PPPoE you should temporarily switch it to a static address and enable DHCP or PPPoE after the cluster has been established.
Make sure the FortiGates are running the same FortiOS firmware version.
FortiOS Carrier license
If the FortiGates in the cluster will be running FortiOS Carrier, apply the FortiOS Carrier license before configuring the cluster (and before applying other licenses). Applying the FortiOS Carrier license sets the configuration to factory defaults, requiring you to repeat steps performed before applying the license.
Support contracts and FortiGuard, FortiCloud, FortiClient, Mobile, VDOMs Licensing
Register and apply these licenses to each FortiGate. This includes FortiCloud activation and FortiClient licensing, and entering a license key if you purchased more than 10 Virtual Domains (VDOMS).
You only need one set of FortiToken licenses for the HA cluster and you only need to activate each token once. Normally you would activate your tokens on the primary unit and this configuration and the seed information will be synchronized to all cluster members so all tokens will then be activated for all cluster members.
If you have added FortiToken licenses and activated FortiTokens on a standalone FortiGate unit before configuring HA the licenses and the FortiToken activations will usually be synchronized to all cluster units after forming a cluster. To make sure this goes smoothly you can make sure the FortiGate that you have added the licenses to becomes the primary unit when setting up the cluster as described in How to set up FGCP clustering (recommended steps).
You can also install any third-party certificates on the primary FortiGate before forming the cluster. Once the cluster is formed third-party certificates are synchronized to the backup FortiGate.