Using The Fortiswitch-5003 In An Ha Cluster; Connecting The Cluster To Your Networks - Fortinet FortiGate FortiGate-5001FA2 Installation Manual

Configuring the FortiGate for the Network

Using the FortiSwitch-5003 in an HA cluster

Connecting the cluster to your networks

FortiGate-5000 series Installation Guide
config system global
set opmode transparent
end
4 Allow the FortiGate-5000 module to restart in Transparent mode.
5 Repeat this procedure for all of the FortiGate-5000 modules in the cluster then
continue with "Connecting the cluster to your networks" on page
The FortiSwitch-5003 module is an HA component designed for use in the
FortiGate-5050 and FortiGate-5140 chassis to provide full HA clustering capabilities
between FortiGate-5000 modules. The FortiSwitch-5003 can also provide HA
clustering between multiple FortiGate chassis.
The FortiSwitch-5003 acts as the switch, providing automatic connections through
internal ports 9 and 10 on the backplane of the FortiGate chassis.
You can connect a cluster operating in NAT/Route mode or Transparent mode. For
clusters within a FortiGate-5050 or FortiGate-5140 chassis, the FortiGate-5000
modules are connected in the cluster to each other through the FortiSwitch-5003. You
must also connect all matching interfaces in the cluster to the same hub or switch
which connects to your network.
For clusters within a FortiGate-5020, the FortiGate-5000 modules are connected to
each other on the chassis backplane. You must also connect each module to your
network. You must connect all matching interfaces in the cluster to the same hub or
switch. Then you must connect these interfaces to their networks using the same hub
or switch.
Inserting an HA cluster into your network temporarily interrupts communications on
the network because new physical connections are being made to route traffic through
the cluster. Also, starting the cluster interrupts network traffic until the individual
FortiGate-5000 modules in the cluster are functioning and the cluster completes
negotiation. Cluster negotiation normally takes just a few seconds. During system
startup and negotiation the FortiGate modules drop all network traffic.
Connect the matching interfaces of each FortiGate-5000 module to the same switch
and connect that switch to a network. The following sample shows an HA
configuration with a FortiGate-5020 chassis and two FortiGate-5000 interfaces
connected to two networks.
The modules negotiate to choose the primary cluster unit and the subordinate units.
This negotiation occurs with no user intervention and normally just takes a few
seconds.
01-28011-0259-20060210
High availability installation
37.
37