Managing An Ha Cluster - Fortinet FortiGate FortiGate-1000A Administration Manual

System Config

Managing an HA cluster

FortiGate-1000A/FA2 Administration Guide
The configurations of all of the FortiGate units in the cluster are synchronized so that
the FortiGate units can function as a cluster. Because of this synchronization, you
manage the HA cluster instead of managing the individual cluster units. You manage
the cluster by connecting to the web-based manager using any cluster interface
configured for HTTPS administrative access. You can also manage the cluster by
connecting to the CLI using any cluster interface configured for SSH administrative
access.
You can also use SNMP to manage the cluster by configuring a cluster interface for
SNMP administrative access. Using an SNMP manager you can get cluster
configuration information and receive traps. For a list of HA MIB fields, see
fields" on page 115
You can change the cluster configuration by connecting to the cluster and changing
the configuration of the primary unit. The cluster automatically synchronizes all
configuration changes to the subordinate units in the cluster as the changes are
made.
The only configuration change that is not synchronized is the FortiGate host name.
You can give each cluster unit a unique host name to help to identify cluster members.
Individual cluster units are also identified by their serial number.
You can identify the role of a cluster unit from the front panel LCD. On the primary unit
the LCD displays primary. One the subordinate units, the LCD displays slave
<priority_id>. The priority_id is the priority that the subordinate unit has in
the cluster. If there are three units in the Cluster the LCD displays are:
• primary (a-a)
• slave 1 (a-a)
• slave 2 (a-a)
You can use the web-based manager to monitor the status and logs of individual
cluster members. See
"To view and manage logs for individual cluster units" on page
You can manage individual cluster units by using SSH to connect to the CLI of the
cluster. From the CLI you can use the execute ha manage command to connect to
the CLI of each unit in the cluster. You can also manage individual cluster units by
using a null-modem cable to connect to the primary cluster unit. From there you can
also use the execute ha manage command to connect to the CLI of each unit in the
cluster. See "To manage individual cluster units" on page 107
• To view the status of each cluster member
• To view and manage logs for individual cluster units
• To monitor cluster units for failover
• To manage individual cluster units
To view the status of each cluster member
1 Connect to the cluster and log into the web-based manager.
2 Go to System > Config > HA.
and "FortiGate HA traps" on page
"To view the status of each cluster member" on page 105
01-28011-0254-20051115
"HA MIB
114.
107.
for more information.
HA
and
105