Prepare a Fortigate to configure a high availability cluster

If you’ve got a fresh Fortigate and want to configure it for HA, you have to prepare it first, because the factory-default configuration doesn’t let you enable High Availability.

The preparation steps are as follows:

  • Remove DHCP server settings
  • Remove existing firewall policies
  • Set the interface mode for all interfaces to static, because PPPoE and DHCP modes are not supported in an HA cluster environment
  • Set the hostname
  • Set internal-switch-mode to interface

After these steps you are prompted to reboot the device.

The example below shows the commands I needed for a Fortigate-90D. Change the interface names if you need to do the same on a model with different interface names:

FGT90D1234567890 # config firewall policy
FGT90D1234567890 (policy) # purge

This operation will clear all table!
Do you want to continue? (y/n)y

FGT90D1234567890 (policy) # end 
FGT90D1234567890 # conf sys dhcp ser 
FGT90D1234567890 (server) # purge 

This operation will clear all table!
Do you want to continue? (y/n)y

FGT90D1234567890 (server) # end 
FGT90D1234567890 # conf system interface 
FGT90D1234567890 (interface) # edit wan1 
FGT90D1234567890 (wan1) # set mode static 
FGT90D1234567890 (wan1) # next
FGT90D1234567890 (interface) # edit wan2
FGT90D1234567890 (wan2) # set mode static 
FGT90D1234567890 (wan2) # next
FGT90D1234567890 (interface) # edit modem
FGT90D1234567890 (modem) # set mode static 
FGT90D1234567890 (modem) # end
FGT90D1234567890 # conf sys global
FGT90D1234567890 (global) # set hostname Fortigate123 
FGT90D1234567890 (global) # set internal-switch-mode interface 
FGT90D1234567890 (global) # end 

Changing switch mode will reboot the system!
Do you want to continue? (y/n)y

Fortigate123 # 
 
The system is going down NOW !! 
 
Please stand by while rebooting the system. 
Restarting system.
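
As an added example (not part of the original post): a Python pre-check that reads a saved configuration backup and lists which of the preparation items above are still present, so you can confirm the cleanup before enabling HA. The sample configuration is constructed, the function names are hypothetical, and it assumes the backup uses the usual config/edit/set/next/end layout; the hostname step is not checked.

```python
# Constructed sample in the layout of a FortiOS config backup (not from a real device).
SAMPLE = """\
config system global
    set internal-switch-mode switch
end
config system interface
    edit "wan1"
        set mode dhcp
    next
end
config system dhcp server
    edit 1
    next
end
config firewall policy
    edit 1
    next
end
"""

def parse(text):  # section -> entry -> {key: value}; nested config blocks are skipped
    tree, section, entry, depth = {}, None, "", 0
    for line in map(str.strip, text.splitlines()):
        word, _, rest = line.partition(" ")
        if word == "config":
            depth += 1
            if depth == 1:  # only top-level sections are tracked
                section, entry = tree.setdefault(rest, {}), ""
        elif word == "end":
            depth -= 1
        elif depth == 1 and word == "edit":
            entry = rest.strip('"')
            section.setdefault(entry, {})
        elif depth == 1 and word == "set":
            key, _, value = rest.partition(" ")
            section.setdefault(entry, {})[key] = value.strip('"')
    return tree

def ha_blockers(text):
    cfg = parse(text)
    found = [f"interface {n}: mode {o['mode']}" for n, o in
             cfg.get("system interface", {}).items() if o.get("mode") in ("dhcp", "pppoe")]
    found += [f"{s}: entries present" for s in ("system dhcp server", "firewall policy") if cfg.get(s)]
    # Assumption: a backup without an internal-switch-mode line is still in switch mode.
    if cfg.get("system global", {}).get("", {}).get("internal-switch-mode") != "interface":
        found.append("system global: internal-switch-mode is not interface")
    return found

if __name__ == "__main__": print(*ha_blockers(SAMPLE), sep="\n")
```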

 

 
