high availability
internet ---- switch ----- fortigate1 ------- sw1 ------ fgt140d ---- net1
| x
|--------- fortigate 2 ------ sw2 ---- fgt 40d ---- net2
==================================
The gist: if one FortiGate goes down, its duties are taken over by the other FortiGate,
so the network stays up.
Redundancy!
==================================
** settings on the primary FortiGate
- registration & licensing settings.
1 the firmware must be the same on both FortiGates
2 register the license & apply the same level of license (IPS, antivirus, webfiltering, forticlient, forticloud, fortiguard)
3 system > setting > hostname > primary-fortigate
4 system > HA > mode: active-passive
5 device priority: raise from 128 to 250 (higher, default = 128) -> makes this unit the primary
6 group name: External-HA-Cluster
password: xxx
7 heartbeat interfaces: the 2 interfaces that face the other FortiGate.
8 heartbeat interface priority: 50
!! if there is another cluster, the group id must be set:
config system ha
set group-id 25
end
====================================
note:
1 there must be a switch between the FortiGate cluster and the internet
2 there must be a switch between the FortiGate cluster and the internal network
===================================
** settings on the backup FortiGate
1 the firmware must be the same on both FortiGates
2 register the license & apply the same level of license (IPS, antivirus, webfiltering, forticlient, forticloud, fortiguard)
3 system > setting > hostname > backup-fortigate
4 system > HA > mode: active-passive
5 device priority: lower from 128 to 50 (lower, default = 128) -> makes this unit the backup
6 group name: External-HA-Cluster !! use the same group name as on the primary FortiGate
password: xxx
7 heartbeat interfaces: the 2 interfaces that face the other FortiGate.
8 heartbeat interface priority: 50
done. afterwards, check:
1 role: master
2 role: slave
check via main > HA Status > active-passive, uptime xxx
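Added example (not part of the original post): a small Python check that compares the `config system ha` block of both units against the rules listed above (same mode, group name and group id, 2 heartbeat interfaces, primary priority higher than backup). The sample CLI output, the interface names port3/port4 and the password value are constructed placeholders.

```python
import shlex

# Constructed sample `show system ha` output (not from the original post).
# Interface names port3/port4 and the password value are placeholders.
PRIMARY = '''config system ha
    set group-id 25
    set group-name "External-HA-Cluster"
    set mode a-p
    set password ENC placeholder
    set hbdev "port3" 50 "port4" 50
    set priority 250
end'''
BACKUP = PRIMARY.replace("set priority 250", "set priority 50")

def parse_ha(text):
    """Return {option: [values]} from the `set` lines of a config system ha block."""
    opts = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 3 and tok[0] == "set":
            opts[tok[1]] = tok[2:]
    return opts

def check_pair(primary_text, backup_text):
    """List the problems that would break the active-passive pair described above."""
    p, b = parse_ha(primary_text), parse_ha(backup_text)
    problems = []
    # The password is not compared: only its encrypted form is shown by the CLI.
    for key in ("mode", "group-name", "group-id"):
        if p.get(key) != b.get(key):
            problems.append(f"{key} differs: {p.get(key)} vs {b.get(key)}")
    if p.get("mode") != ["a-p"]:
        problems.append("primary mode is not a-p (active-passive)")
    for name, cfg in (("primary", p), ("backup", b)):
        hbdev = cfg.get("hbdev", [])      # name/priority pairs
        if len(hbdev[0::2]) < 2:
            problems.append(f"{name} has fewer than 2 heartbeat interfaces")
    pp = int(p.get("priority", ["128"])[0])   # 128 is the default priority
    bp = int(b.get("priority", ["128"])[0])
    if pp <= bp:
        problems.append(f"primary priority {pp} is not higher than backup {bp}")
    return problems

if __name__ == "__main__":
    print(check_pair(PRIMARY, BACKUP) or "HA settings consistent")
```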
=================================
how to test:
- shut down the primary FortiGate
via CLI:
#execute shutdown
=================