High Availability

Video Activity

In this video, you will learn how to set up a secondary backup FortiGate unit that will provide redundancy if the primary FortiGate unit fails. This setup is known as High Availability, and improves network reliability.

Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
1 hour 35 minutes
Difficulty
Beginner
CEU/CPE
2
Video Description

In this video, you will learn how to set up a secondary backup FortiGate unit that will provide redundancy if the primary FortiGate unit fails. This setup is known as High Availability, and improves network reliability.

Video Transcription
00:00
>> In this video, you will learn how to set up
00:00
a secondary backup FortiGate unit that will provide
00:00
redundancy if the primary FortiGate unit fails.
00:00
This setup is known as
00:00
high availability and improves network reliability.
00:00
First, connect the two FortiGate units,
00:00
running Ethernet cables between
00:00
the HA heartbeat interfaces of the two units.
00:00
If your FortiGate unit doesn't have
00:00
dedicated interfaces for HA,
00:00
you can use any interface,
00:00
as long as it's not used for anything else.
00:00
Two switches must be used.
00:00
One between the FortiGates and the Internet,
00:00
and another between the FortiGates
00:00
and the internal network.
00:00
Open the management interface for
00:00
the primary FortiGate unit to configure it.
00:00
Go to "System" "Dashboard"
00:00
"Status" and find the "System Information" widget.
00:00
Change the units host name to
00:00
identify it as the primary FortiGate.
00:00
In the "System Information" widget configure HA status,
00:00
set the mode to "Active-Passive",
00:00
and set a group name and password.
00:00
Ensure that the two heartbeat interfaces are
00:00
enabled with their priority set to 50.
00:00
Apply the changes.
00:00
Now connect to the backup
00:00
FortiGate and open the dashboard.
00:00
Set the host name to backup and configure HA status.
00:00
Set the mode to "Active-Passive".
00:00
Set the device priority to be
00:00
a lower number than on the primary FortiGate.
00:00
Enter the group name and password
00:00
that you entered on the primary,
00:00
and check that the correct interfaces are
00:00
enabled and priority set to 50.
00:00
Connect to the primary FortiGate again and go to
00:00
"System" "Config" "HA" to see the cluster information.
00:00
Verify that both FortiGates appear and
00:00
are properly identified and prioritized.
00:00
Select "View HA Statistics" for
00:00
more information on how the cluster is
00:00
operating and processing traffic.
00:00
Traffic will flow through
00:00
the primary FortiGate by default.
00:00
If the primary FortiGate is unavailable,
00:00
traffic will fail-over and
00:00
the backup FortiGate will pick up the slack.
00:00
To test this, ping the IP address
00:00
8.8.8.8 from a PC on the internal network.
00:00
After a few pings have gone through,
00:00
power off the primary FortiGate.
00:00
After a brief pause in the results,
00:00
traffic will divert to the backup
00:00
FortiGate and the pings will continue.
00:00
Here's a useful note about HA clusters,
00:00
manually upgrading the firmware on the primary
00:00
>> FortiGate will automatically update the firmware
00:00
>> on the backup FortiGate.
00:00
Just be sure to backup
00:00
your system configuration before updating the firmware.
00:00
Thank you for watching.
00:00
If you need further details,
00:00
you can visit docs.fortinet.com at
00:00
anytime to access our complete documentation library.
Up Next