Fortinet FortiGate 4000 Switch User Manual


 
High availability Managing an HA cluster
FortiGate-4000 Installation and Configuration Guide 87
Managing an HA cluster
The configurations of all of the FortiGate units in the cluster are synchronized so that
the FortiGate units can function as a cluster. Because of this synchronization, you
manage the HA cluster instead of managing the individual FortiGate units in the
cluster. You manage the cluster by connecting to the web-based manager or CLI
using any interface configured for management access (except the HA interface). All
units in the cluster are synchronized with the same interface IP addresses.
Connecting to any interface IP address configured for management access connects
to that cluster interface, which automatically connects you to the primary FortiGate
unit in the cluster.
You can also use SNMP to manage the cluster by configuring a cluster interface for
SNMP administrative access. Using an SNMP manager you can get cluster
configuration information and receive traps.
You can change the cluster configuration by connecting to the cluster and changing
the configuration of the primary FortiGate unit. The cluster automatically synchronizes
all configuration changes to the subordinate units in the cluster as the changes are
made.
The only configuration change that is not synchronized is the FortiGate host name.
You can give each cluster unit a unique host name to help to identify cluster members.
For information about changing the host name of cluster members, see “Changing
cluster unit host names” on page 92.
You can use the web-based manager to monitor the status and logs of individual
cluster members. See “Monitoring cluster members” on page 89 and “Viewing and
managing cluster log messages” on page 90.
You can manage individual cluster units by using SSH to connect to the CLI of the
cluster. From the CLI you can use the execute ha manage command to connect to
the CLI of each unit in the cluster. You can also manage individual cluster units by
using a null-modem cable to connect to the primary cluster unit. From there you can
also use the execute ha manage command to connect to the CLI of each unit in the
cluster. See “Managing individual cluster units” on page 92 for more information.
Note: You cannot connect to the HA interfaces to manage the cluster or to manage individual
FortiGate units in the cluster.