High-Availability & Traffic Shaping
High availability is the most important consideration in networking technology, particularly in the event of network failures. Fortinet provides three different high-availability solutions.
FortiGate Cluster Protocol:
Also called FGCP, it lets us combine two or more FortiGate units into one logical unit called a FortiGate cluster. FGCP is the default protocol for clustering and has two flavours of configuration:
- Active-Active
- Active-Passive
To understand this, take the example in the figure below, where two FortiGate units are clustered over WAN-1 and WAN-2, which are also used to exchange heartbeat messages between them. The steps to configure HA mode on the FortiGate units are as follows.
Step 1: Configure the WAN-1 and WAN-2 interfaces with the IP addresses shown in the diagram.
To configure high availability, go to System | Config | HA and select Active-Active or Active-Passive mode.
Select Management Interface Reservation and choose another port with an IP address. This is required so that every unit has a non-synchronised interface with its own IP address, which is used heavily in the management of virtual clusters.
Device Priority (highest) is used when we want to manually select the primary (master) unit in a cluster; if the priorities are the same, the unit with the highest serial number (SN) becomes the master of the cluster.
The group name should be the same on both units. Also enable the Session Pickup flag, which is used to activate failover for TCP, UDP, IPsec and ICMP sessions.
Repeat the same configuration on the secondary FortiGate unit, with different IP addresses on the WAN-1 and WAN-2 interfaces and a lower device priority.
Once everything is done, both devices synchronise their configuration, as seen in the figure below.
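The steps above can be checked before the units are joined by comparing the HA settings exported from each one. The following is an added example, not part of the original page: it assumes the settings are available in FortiOS CLI form (`config system ha`), and the interface names `wan1`/`wan2`, the group name and the priority values are constructed sample data.

```python
import re

# Constructed `config system ha` excerpts for the two units (not from the page);
# interface names, group name and priorities are assumed sample values.
PRIMARY = '''
config system ha
    set group-name "HA-LAB"
    set mode a-a
    set hbdev "wan1" 50 "wan2" 50
    set session-pickup enable
    set ha-mgmt-status enable
    set priority 200
end
'''
SECONDARY = PRIMARY.replace("priority 200", "priority 100")

def parse_ha(text):
    """Return the `set key value` pairs found inside the `config system ha` block."""
    block = re.search(r"config system ha\n(.*?)\nend", text, re.S)
    if not block:
        return {}
    pairs = re.findall(r"^\s*set (\S+) (.+?)\s*$", block.group(1), re.M)
    return {key: value.replace('"', "") for key, value in pairs}

def check_pair(primary_text, secondary_text):
    """List inconsistencies between the two units, following the steps described above."""
    p, s = parse_ha(primary_text), parse_ha(secondary_text)
    issues = []
    # Group name, mode and heartbeat interfaces must be identical on both units.
    for key in ("group-name", "mode", "hbdev"):
        if p.get(key) != s.get(key):
            issues.append(f"{key} differs: {p.get(key)!r} vs {s.get(key)!r}")
    if p.get("mode") not in ("a-a", "a-p"):
        issues.append("mode is not a-a or a-p (HA not enabled)")
    for name, cfg in (("primary", p), ("secondary", s)):
        if cfg.get("session-pickup") != "enable":
            issues.append(f"{name}: session-pickup not enabled, sessions will not fail over")
        if cfg.get("ha-mgmt-status") != "enable":
            issues.append(f"{name}: no reserved management interface")
    # The intended primary needs the strictly higher priority to win the election.
    if int(p.get("priority", 0)) <= int(s.get("priority", 0)):
        issues.append("intended primary does not have the higher device priority")
    return issues

if __name__ == "__main__":
    for issue in check_pair(PRIMARY, SECONDARY) or ["HA settings consistent"]:
        print(issue)
```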