Is it possible to load balancing with Active-Passive HA mode? Yesterday I have attended an training of Fortigate and trainer says it is possible but FortiGate documents say no.
Can anyone guide me, I am in confuse right now.
I have multiple FG-300D and FG-500D spread across the locations and the HA are configured in A-P Please refer the following document as reference
Thanks for the reply but I am not looking any reference documents for the configuration. I am looking the solution that is there any hidden command from FortiGate to make load balancing on A-P mode. Which may Fortigate is not sharing in his documents and want to share only on NSE8 certified engineer.
I think this is possible if you are enabling virtual VDOM.Use Virtual clustering and HA override
"Usually you would enable virtual cluster 2 and expect one cluster unit to be the primary unit for virtual cluster 1 and the other cluster unit to be the primary unit for virtual cluster 2. For this distribution to occur override must be enabled for both virtual clusters. Otherwise you will need to restart the cluster to force it to renegotiate."
What do you think? Is it load balancing or resources load balancing?
Resource Load balance
But I am talking about load balancing.
If you are talking about Wan Link Load Balancing, yes it is possible
NSE Certified : Level 8
Yes, I am talking about wan load balancing. Please guide for same, how can I configure the same?
You can follow this link :
Choose source-destination ip based as algorithm . Thats the most effective if you have identical wan connections.
For each wan switch connect one cable to FG1 and another to FG2.
Thanks for sharing knowledge. I am not sure it will work because FortiGate clearly mentions
"An active‑passive cluster consists of a primary unit that processes communication sessions, and one or more subordinate units. The subordinate units are connected to the network and to the primary unit but do not process communication sessions. Instead, the subordinate units run in a standby state. In this standby state, the configuration of the subordinate units is synchronized with the configuration of the primary unit and the subordinate units monitor the status of the primary unit."
We are running these scenarios for hundreds of customer with thousands of users and it is supported by Fortinet.
One of the customer we are using load balancing for has around 28000 clients connected and we are using 2 WAN Links of 800 Mbps each.
And Fortigates are installed in HA Active-Passive Mode
If this is about load-balancing among several internet links (Wan Link Load Balancing in 5.2/5.4, SD-Wan in 5.6), it has nothing to do with clusters :
a standalone Fortigate can do it
a A-P cluster can do it
a A-A cluster can do it
However, in the training, load-balancing in A-A clusters is about load-balancing between several FortiGates. That way you can use more actively the CPU of another FortiGate in the cluster (which justifies the ability to use up to 4 units in a cluster).
Products Solutions Support Partners Threat Research Contact Us