Chapter 9 High Availability for FortiOS 5.0 : An introduction to the FGCP : Configuring FortiGate units for FGCP HA operation
  
Configuring FortiGate units for FGCP HA operation
Each FortiGate unit in the cluster must have the same HA configuration. Once the cluster is connected, you can configure it in the same way as you would configure a standalone FortiGate unit. The following procedures set the HA mode to active-passive and set the HA password to HA_pass.
 
Make sure your FortiGate interfaces are configured with static IP addresses. If any interface gets its address using DHCP you will not be able to configure HA.
To configure a FortiGate unit for HA operation - web‑based manager
1. Power on the FortiGate unit to be configured.
2. Log into the web‑based manager.
3. On the Dashboard System Information dashboard widget, beside Host Name select Change.
4. Enter a new Host Name for this FortiGate unit.
Changing the host name makes it easier to identify individual cluster units when the cluster is operating.
5. Go to System > Config > HA and change the following settings:
Mode
Active-Passive
Group Name
Example_cluster
Password
HA_pass
The password must be the same for all FortiGate units in the cluster.
You can accept the default configuration for the remaining HA options and change them later, once the cluster is operating.
6. Select OK.
The FortiGate unit negotiates to establish an HA cluster. When you select OK you may temporarily lose connectivity with the FortiGate unit as the HA cluster negotiates and the FGCP changes the MAC address of the FortiGate unit interfaces (see “Cluster virtual MAC addresses”). To be able to reconnect sooner, you can update the ARP table of your management PC by deleting the ARP table entry for the FortiGate unit (or just deleting all ARP table entries). You may be able to delete the ARP table of your management PC from a command prompt using a command similar to arp -d.
7. Power off the FortiGate unit.
8. Repeat this procedure for all of the FortiGate units in the cluster.
Once all of the units are configured, continue with “Connecting a FortiGate HA cluster”.
To configure a FortiGate unit for HA operation - CLI
1. Power on the FortiGate unit to be configured.
2. Log into the CLI.
3. Enter the following command to change the FortiGate unit host name.
config system global
set hostname Example1_host
end
Changing the host name makes it easier to identify individual cluster units when the cluster is operating.
4. Enter the following command to enable HA:
config system ha
set mode active-passive
set group-name Example_cluster
set password HA_pass
end
You can accept the default configuration for the remaining HA options and change them later, once the cluster is operating.
The FortiGate unit negotiates to establish an HA cluster. You may temporarily lose connectivity with the FortiGate unit as the HA cluster negotiates and because the FGCP changes the MAC address of the FortiGate unit interfaces (see “Cluster virtual MAC addresses”). To be able to reconnect sooner, you can update the ARP table of your management PC by deleting the ARP table entry for the FortiGate unit (or just deleting all arp table entries). You may be able to delete the arp table of your management PC from a command prompt using a command similar to arp -d.
5. Power off the FortiGate unit.
6. Repeat this procedure for all of the FortiGate units in the cluster.
Once all of the units are configured, continue with “Connecting a FortiGate HA cluster”.