If you’ve got a fresh Fortigate and want to configure it as HA, you have to prepare something, because the factory-standard configuration doesn’t let you to enabled High Availability.
The preparation steps are as follows:
- Remove DHCP server settings
- Remove existing firewall policies
- Set the interface mode for all interfaces to static, because pppoe and dhcp modes are not supported in a HA cluster environment
- Set the hostname
- Set the mode for interfaces to internal-switch-mode interface
After the steps you are requested to reboot the device.
The example below I noted commands I needed for a Fortigate-90D. Change the interface name, if you need to do the same for a model with different interface names:
FGT90D1234567890 # config firewall policy FGT90D1234567890 # (policy) purge This operation will clear all table! Do you want to continue? (y/n)y FGT90D1234567890 (policy) # end FGT90D1234567890 # conf sys dhcp ser FGT90D1234567890 (server) # purge This operation will clear all table! Do you want to continue? (y/n)y FGT90D1234567890 (server) # end FGT90D1234567890 # conf system interface FGT90D1234567890 (interface) # edit wan1 FGT90D1234567890 (wan1) # set mode static FGT90D1234567890 (wan1) # next FGT90D1234567890 (interface) # edit wan2 FGT90D1234567890 (wan2) # set mode static FGT90D1234567890 (wan2) # next FGT90D1234567890 (interface) # edit modem FGT90D1234567890 (modem) # set mode static FGT90D1234567890 (modem) # end FGT90D1234567890 # conf sys global FGT90D1234567890 (global) # set hostname Fortigate123 FGT90D1234567890 (global) # set internal-switch-mode interface FGT90D1234567890 (global) # end Changing switch mode will reboot the system! Do you want to continue? (y/n)y Fortigate123 # The system is going down NOW !! Please stand by while rebooting the system. Restarting system.