Fortinet FortiGate-5000 User Guide

Power on the FortiGate unit to be configured.

Connect to the web-based manager.

Give the FortiGate unit a unique host name.
See 

. Use host names to identify 

individual cluster units. 

Go to System > Config > HA.

Select HA.

Select the HA mode.

Select a Group ID for the cluster.
The Group ID must be the same for all FortiGate units in the HA cluster.

Optionally change the Unit Priority.
See 

.

If required, select Override master.
See 

Enter and confirm a password for the HA cluster.

If you are configuring Active-Active HA, select a schedule.
See 

.

Select Apply.
The FortiGate unit negotiates to establish an HA cluster. When you select apply you 
may temporarily lose connectivity with the FortiGate unit as the HA cluster negotiates 
and because the FGCP changes the MAC address of the FortiGate unit interfaces 
(see 

). To be able to reconnect sooner, you can update the ARP 

table of your management PC by deleting the ARP table entry for the FortiGate unit.

If you are configuring a NAT/Route mode cluster, power off the FortiGate unit and 
then repeat this procedure for all the FortiGate units in the cluster. Once all of the units 
are configured, continue with 

If you are configuring a Transparent mode cluster, reconnect to the web-based 
manager.
You may have to wait a few minutes before you can reconnect.

Go to System > Status.

Select Change to Transparent Mode and select OK to switch the FortiGate unit to 
Transparent mode.

Power off the FortiGate unit.

Note: The following procedure does not include steps for configuring heartbeat devices and 
interface monitoring. Both of these HA settings should be configured after the cluster is up and 
running. 

Note: By default, port 9 and port 10 are configured as heartbeat devices. These interfaces are 
only used for HA cluster communication and are not physically accessible. These interfaces are 
not visible on the web-based manager, but they are visible on the CLI.