Fortigate HA configuration
- Published: 25 Mar 2021
- In this video we will learn how to add a backup FortiGate to form a high availability (HA) cluster to improve network reliability.
Here are other videos related to networking:
Fortigate Firewall Integrate with CISCO Switch • Fortigate Firewall Int...
Fortigate Firewall Traffic shaping configuration • Fortigate Firewall Tra...
Fortigate Firewall VLAN configuration • Fortigate Firewall VLA...
How to configure VPN site to site on Cisco Router • How to configure VPN s...
ASA firewall wan failover • ASA firewall wan failover
How to add Fortigate and Mikrotik firewall for GNS3 • How to add Fortigate a...
How to add cisco switch layer3 and cisco ASA for GNS3 • How to add cisco switc...
How to configure ASA firewall step by step • How to configure ASA f...
Fortigate SD WAN link monitor • fortigate SD WAN link ...
Fortigate firewall SD-WAN setup • Fortigate Firewall SD WAN
Fortigate firewall basic configuration • Fortigate Firewall bas...
How to configure port security on CISCO Switch • How to configure port ...
What is Management VLAN on CISCO Switch • What is Management VLA...
How to configure inter VLAN routing VTP and DHCP Server on Cisco Switch Layer3 • How to configure inter...
How to configure inter VLAN routing and DHCP server on cisco router • How to configure inter...
How to configure WAN failover on cisco router • How to configure WAN f...
How to configure Access List SSH Remote in Cisco Router • How to configure Acces...
Here you can download the GNS3 resources needed directly from my files.
Windows OS image drive.google.com/file/d/10pxv...
CISCO Images : drive.google.com/drive/folder...
GNS3 for Windows : drive.google.com/drive/folder...
Firewall_Router : drive.google.com/drive/folder...
VMware WorkStation 12 : drive.google.com/file/d/1HZ0h...
FortiGate mid-range next-generation firewalls (NGFWs) provide high performance, multi-layered advanced security, and better visibility to protect against cyber-attacks while reducing complexity.
FortiGate firewalls are purpose-built with security processors to enable the industry’s best threat protection and performance for SSL-encrypted traffic.
VLAN: A Virtual Local Area Network reduces the broadcast domain and separates the LAN into different subnets.
VLANs can be used to partition a local network into several distinctive segments, for instance:
-Production
-Server Farm
-Voice over IP
-Network management
-Storage area network (SAN)
-Guest Internet access
-Demilitarized zone (DMZ)
A subinterface is a virtual interface created by dividing one physical interface into multiple logical interfaces.
A sub-interface in a Cisco Router uses the parent physical interface for sending and receiving data.
We use subinterfaces for inter-VLAN traffic routing by using a Router-on-a-Stick configuration.
DHCP Server: provides IP addresses to the clients in each VLAN.
A DHCP Server is a network server that automatically provides and assigns IP addresses, default gateways and other network parameters to client devices.
It relies on the standard protocol known as Dynamic Host Configuration Protocol or DHCP to respond to broadcast queries by clients.
If you like my video, please like, comment, subscribe #TanKirivann and turn on notifications for more videos.
Good lesson video. I enjoyed it and I learned a lot from the lab.
Thank you bro for your support, see you in the next videos.
Thanks, brother, for sharing.
hi bro, you are welcome!
Super..really helpful..
Hi bro thank you for your support🙏
A-P: The master firewall will process communication sessions, but the standby firewall will work in standby mode only.
A-A: The master firewall will process communication sessions and the standby firewall will help to process security profiles.
Thank you bro for sharing this topic, it is a very detailed explanation. I really learned from you on this topic.
Thanks brother
hi bro, thank you.🙏🙏🙏😊
hi bro perfect work
thank you bro for your support
Hi, I have a question. When I configure HA A-P between the firewalls I always lose management access to the master FW. I only have access to the slave firewall, but I need to access both firewalls independently. Can you help me?
Hi bro, thank you for your question. If u want to access the FW directly u need to set up a management IP for the interface that u want to access. Actually, at the end of my video I also demo this issue. Pls watch till the end, thanks😊
Hi, I just want to ask one question:
What happens if the heartbeat connection goes down? Slave FGT will act as Master as it loses the synchronization whether the Master FGT is already up and working. Won't there be a conflict in the network? Please clear my doubt. Also, I could not understand A-P and A-A mode by reading the cookbook on the site. Could you please explain in detail?
Thank you bro for the very good question. If the heartbeat is down, your network will be down too. We suggest having 2 heartbeat links, and they should be direct links. For HA A-P the slave FG does nothing besides checking that the master is alive. For HA A-A the slave FG helps to process some policy profiles, so both master and slave work together for better performance. Please correct me if I am wrong or misunderstanding. Thank you
@@tankirivann Thank you Brother. It cleared my doubt.
@@gyanendrakafle9235 thank you bro
Suppose the core switch is connected to an L2 MPLS VPN to access servers at the HQ. What would be the process?
Hi bro, sorry for the late reply, actually I have never met this kind of topology before. Very interesting topic and question, I will test it. Thank you for your comment🙏🙏🙏
🥰
Hi bro, how can we add a FortiGate device to set up the lab from your video above on GNS3?
Thank you for watching my video. I already uploaded the video about adding FortiGate, you can see my previous video here ruclips.net/video/8iSyCqOP6L4/видео.html
Hi, can I know what is configured in the ISP switch/router? What IP is configured on e0 and e1?
Hi bro, thank you for your question. The ISP switch is a normal Ethernet switch, nothing is configured there. The IP we get from the cloud in this lab. Thank you and I see u with the next video
For this lab, how much RAM and CPU have you allocated under gnsclient -> edit preferences --> GNS3VMserver? Because my lab is hanging... I have 16GB RAM / i7 processor. I added 3 IOU switches / two FortiGates / 6 VPCS and one NAT cloud for internet access. Kindly help me out with how much RAM and vCPU I need to allocate when I have 16GB RAM on my laptop.
Thank you bro for your sharing. For the GNS3 VM the default RAM is 2G but I allocated 8G to it for my lab. I hope this answers u and I see u with the next topic
Hi brother, I have one question: when do we configure HA A-A and A-P?
Thank you for your question. HA a-p cluster provides hot standby failover protection.
HA a-a provides load balancing and failover protection. HA a-a load balancing distributes proxy-based security profile processing to all cluster units.
here is the document about HA configuration on FortiGate HA A-A or HA A-P docs.fortinet.com/document/fortigate/6.0.0/handbook/313980/active-passive-and-active-active-ha
Could you tell me, brother, why I can't connect to the FortiGate when I have already configured a static IP on the FortiGate?
Hi bro, sorry for the late response. Can u ping the FG IP? If u want to access the FG by web u need to allow http, and if u want to ping the IP u need to allow ping as well. Pls let me know if u still have any other issue
@@tankirivann Thanks for your response, now I can already connect when I tried to install Windows VMware on GNS3.
@@novacrafty77 thank you bro for your feedback, i hope u can practice for LAB and if u have any other question pls let me know. i see u with the next video
Hello, just to check: will FortiGate 60D and FortiWiFi 60D work in HA with the same firmware version?
Hi bro, thank you very much for your question. To my understanding, you need to have the same model, firmware version OS, and license as well. Pls correct me if I am wrong.
@@tankirivann thank you
you are very welcome bro
Everything works properly, but I am stuck with going through to the internet!
Hi bro, maybe you are looking for this one How to configure GNS3 access to Internet
ruclips.net/video/XvhA3DNxQ_I/видео.html
Please! I need help because I cannot see my VLAN on the core switch
Thank you for watching my vdo, to see the VLAN u need the command: show vlan brief
I configure two VLANs on the Fortigate VM64-KVM, but I can't see the VLANs on my Cisco EtherSwitch Router C3670
@@chaybouabaziz2006 hi bro, u need to create vlan on your core switch as well. pls check my vdo i already do fortigate with cisco switch. pls let me know if u need any other help.
Hello, at minute 20:00 you didn't create VLANs on the iou2 switch; that's why the clients did not get IP addresses
Thank you my friend for paying attention to my video, the VLAN will be created automatically when it doesn't exist. Cheers
@@tankirivann thanks to you dear TAN, your videos are so informative
@@aksel9392 thank bro for your support, you can share your experience too so we can learn from each other. cheers
@@tankirivann I am a junior network engineer, so the part I don't master is between the core switch and the internet router, which you've explained in your videos. I thank you so much for your effort, and if you've any question about LAN networking it will be with pleasure to share it with me.
@@aksel9392 ok bro, I appreciate your sharing.
Hello
When u upload new video brother? 😁
A bit BC with my work bro, pls wait more topic interesting will upload soon. thank you for your support.
Can you please make a video on site to site fortigate vpn
hi bro, thank you for your request. I will update ASAP
Hello brother, please help explain the use of VLAN trunk and access, thanks.
Hello brother, my previous videos already covered this, you can go and watch them.
Thank you, brother😍
Please help share link
@@thebestsong3513 If you have any questions, you can ask more.
ruclips.net/video/VzImyGuesAo/видео.html
ruclips.net/video/1zOWfj1jknU/видео.html
ruclips.net/video/E8zuUbvaCbo/видео.html
@@tankirivann thanks so much!
please help to update more videos
Thank you for your support. I try my best to create new video ASAP, sorry a bit delay
How to configure 2 Fortigate 100D's in High Availability setup with 2 ISP, 2 stacked Cisco c3750 switches. (core switch) and 2 access switches 2960S.
thank you very much for watching my video, I hope this topic help you with your network requirement. refer to my lab here you just add another ISP same network connection link with the switch. if you have any issue pls let me know so we can find out the issue together.
@@tankirivann thanks, you configure HA with 2 switch core, 2 fortigate and 2 isp
@@nhutngoc3947 thank you for your request, adding to my list and will update the VDO ASAP
Create Vlan for each isp in the isp/wan switch. Assign 3 ports to each vlan. One port for isp termination and other 2 are for primary & secondary firewall
Can you teach again? Speak Khmer.
Thank you very much bro for your request. I will make another video version in Khmer regarding this topic.