Fortigate High Availability – Active/Active – Part 2 – Implementation

In Part 1 we got the prerequisites sorted out for the HA (removed all PPPoE or DHCP address assignment from the FG boxes and VLANed a switch to split the inputs between both boxes).

Part 2 is considerably easier. The cabling for the VLANs had already been done, so now we had to designate two ports as our cluster comms ports. I chose port1 and port2 on each box, each given a weight of 50:


Next we configure the cluster and the weighting of each box in the cluster. We wanted to run ours in Active/Active with session pickup, and to reserve port3 for managing the units individually, as you can see from the above settings.
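
For reference, the same settings expressed as FortiOS CLI for fw-a (an added example, not taken from the original post). The group name and password are placeholders, the `#` lines are annotations to strip before pasting, and the `ha-mgmt-*` lines assume an older FortiOS release that still has the System -> Config -> HA menu; newer releases set the reserved management port under `config ha-mgmt-interfaces` instead.

```text
# fw-a (master unit). On fw-b apply the same block with "set priority 0".
config system ha
    # Placeholder values, not from the article; must match on both units.
    set group-name "EXAMPLE-CLUSTER"
    set password "<heartbeat-password>"
    # Active/Active with session pickup.
    set mode a-a
    set session-pickup enable
    # Heartbeat (cluster comms) ports, each with a weight of 50.
    set hbdev "port1" 50 "port2" 50
    # Reserve port3 for managing each unit individually.
    set ha-mgmt-status enable
    set ha-mgmt-interface "port3"
    # Higher priority wins the master election: 255 here, 0 on fw-b.
    set priority 255
end
```

Setting a cluster password means a device plugged into the heartbeat links cannot join the cluster just by using the same group name.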

The process of then bringing up the cluster goes like so:

  1. Back up your master config (the one you want to run on the firewalls)
  2. Set the master unit to have a higher priority – I set ours to 255 and the other to 0
  3. Shut down both units
  4. Plug in port1 on fw-a into port1 on fw-b and the same with port2
  5. Power on the master unit and allow it to boot fully
  6. Power on the slave unit and allow it to boot
  7. Log into the web interface of the firewall and check to see if the cluster is up as below


You can view stats on the cluster by going to System -> Config -> HA and clicking View HA Statistics. Here you can view session distribution etc.


And that’s it, your firewalls are now running Active/Active HA, load sharing, redundancy, the whole lot!
