It is important to set up a redundant system, especially for outside traffic. In this lab, I will post a High Availability implementation, including the initial configuration. You may need to add NAT and static route configuration as well; they are in my previous posts. That is the topology that I used. One Fortinet firewall is the master, above, and the other is the slave. Let's get started.
!!configure Fortinet1 – master

    config system interface
        edit port2
            set ip 192.168.100.254/24
            set allowaccess ping https ssh http
    end

    config system global
        set hostname Fortigate-1
    end

=======================================

    show system interface
    get system ha status

=======================================

!!take ownership of master

    config system ha
        set override enable
    end

!!configure Fortinet2 – slave

    config system interface
        edit port2
            set ip 192.168.100.253/24
            set allowaccess ping https http ssh
    end

    config system global
        set hostname Fortigate-2
    end

=======================================

    show system interface

=======================================

    show system ha

    config system ha
        set override enable
    end
The firewall with the highest priority takes ownership of the traffic. 250 is the highest. There is also a heartbeat feature that lets both sides detect each other.
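A fuller `config system ha` for both units, tying the priority and heartbeat points above to CLI settings. This is an added example, not configuration from the original lab; active-passive mode, the group name, the password placeholder, heartbeat interface port3 and the priority values 200 and 100 are all assumptions.

```fortios
# Added example: assumed values, not taken from the original lab.
# group-name, mode and password must be identical on both units,
# otherwise the units do not join the same cluster.

# --- Fortigate-1 (intended master) ---
config system ha
    set group-name "LAB-HA"
    set mode a-p
    # placeholder: use a strong shared secret, same on both units
    set password <ha-cluster-password>
    # assumed dedicated heartbeat link on port3, heartbeat priority 50
    set hbdev "port3" 50
    # authenticate and encrypt heartbeat traffic between the units
    set authentication enable
    set encryption enable
    # higher device priority than the peer, so this unit is elected
    set priority 200
    # with override enabled, priority decides the election again
    # whenever this unit rejoins the cluster
    set override enable
end

# --- Fortigate-2 (intended slave) ---
config system ha
    set group-name "LAB-HA"
    set mode a-p
    set password <ha-cluster-password>
    set hbdev "port3" 50
    set authentication enable
    set encryption enable
    # lower device priority than Fortigate-1
    set priority 100
    set override enable
end

# --- Verify on either unit ---
get system ha status
```

Keeping the heartbeat on its own interface, separate from port2 and other traffic-carrying ports, limits who can see or inject heartbeat packets.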
In conclusion, it is straightforward to prepare and manage a redundant internet connection using Fortinet firewalls.