High Availability
HA configuration
For the M1 connections:
interface Ethernet1/5
description QinQ Test
switchportmode dot1q-tunnel
switchport access vlan 888
spanning-tree port type edge
For the M2 connections:
interface Ethernet1/5
description QinQ Test
switchport mode dot1q-tunnel
switchport access vlan 880
spanning-tree port type edge
HA packets must have the configured VLAN tag (default 999). If the switch removes or changes this tag, HA
heartbeat communication will not work and the cluster will form a split brain configuration. In effect two clusters
will form, one in each chassis, and network traffic will be disrupted.
HA configuration
Use the following steps to setup the configuration for HA between two chassis (chassis 1 and chassis 2). These
steps are written for a set of two FortiGate-7040E or 7060Es. The steps are similar for the FortiGate-7030E
except that each FortiGate-7030E only has one FIM interface module.
Each FIM interface module has to be configured for HA separately. The HA configuration is not synchronized
among FIMs. You can begin by setting up chassis 1 and setting up HA on both of the FIM interfaces modules in
it. Then do the same for chassis 2.
Each of the FortiGate-7000s is assigned a chassis ID (1 and 2). These numbers just allow you to identify the
chassis and do not influence primary unit selection.
Setting up HA on the FIM interface modules in the first FortiGate-7000 (chassis 1)
1. Log into the CLI of the FIM interface module in slot 1 (FM01) and enter the following command:
config system ha
set mode a-p
set password <password>
set group-id <id>
set chassis-id 1
set hbdev M1/M2
end
This adds basic HA settings to this FIM interface module.
2. Repeat this configuration on the FIM interface module in slot 2 (FIM02).
config system ha
set mode a-p
set password <password>
set group-id <id>
set chassis-id 1
set hbdev M1/M2
FortiGate-7000
Fortinet Technologies Inc.
60