34
01-28011-0259-20060210
Fortinet Inc.
High availability installation
Configuring the FortiGate for the Network
Configuring FortiGate-5000 modules for HA using the web-based
manager
Use the following procedure to configure each FortiGate-5000 modules for HA
operation.
To change the FortiGate-5000 module host name
Changing the host name is optional, but you can use host names to identify individual
cluster modules.
1
Connect to the web-based manager.
See
“Connecting to the web-based manager” on page 14
.
Schedule
The schedule controls load balancing among the FortiGate-5000 modules in
the active-active HA cluster. The schedule must be the same for all
FortiGate-5000 modules in the HA cluster.
None
No load balancing. Select None when the cluster interfaces
are connected to load balancing switches.
Hub
Load balancing for hubs. Select Hub if the cluster interfaces
are connected to a hub. Traffic is distributed to units in a
cluster based on the Source IP and Destination IP of the
packet.
Least
Connection
Least connection load balancing. If the FortiGate-5000
modules are connected using switches, select Least
connection to distribute traffic to the cluster module with the
fewest concurrent connections.
Round Robin
Round robin load balancing. If the FortiGate-5000 modules
are connected using switches, select round robin to
distribute traffic to the next available cluster module.
Weighted
Round Robin
Weighted round robin load balancing. Similar to round
robin, but weighted values are assigned to each of the
modules in a cluster based on their capacity and on how
many connections they are currently processing. For
example, the primary module should have a lower weighted
value because it handles scheduling and forwards traffic.
Weighted round robin distributes traffic more evenly
because modules that are not processing traffic will be
more likely to receive new connections than modules that
are very busy.
Random
Random load balancing. If the FortiGate-5000 modules are
connected using switches, select random to randomly
distribute traffic to cluster modules.
IP
Load balancing according to IP address. If the
FortiGate-5000 modules are connected using switches,
select IP to distribute traffic to modules in a cluster based
on the Source IP and Destination IP of the packet.
IP Port
Load balancing according to IP address and port. If the
FortiGate-5000 modules are connected using switches,
select IP Port to distribute traffic to units in a cluster based
on the Source IP, Source Port, Destination IP, and
Destination port of the packet.
Note:
When configuring FortiGate-5000 modules for HA using the web-based manager, initially
each module will have an identical IP address. Insert the first module fully and configure it first
as the primary module, then add the other FortiGate-5000 modules and configure them as the
subordinates.
Table 5: High availability settings (Continued)