FortiGate Cluster Protocol
As we have said, FortiGate Cluster Protocol (FCGP) provides failover protection (the clustered firewall services are available even after a failure on the primary unit). To explain the FGCP protocol, we can start from a practical example, showing the steps required to configure two FortiGate units (FortiGate_Master
and FortiGate_Slave
) in a cluster to connect two networks linked to the interfaces wan1
and wan2
with high availability (HA). The schema of this scenario is the one we can see in the following diagram:
As shown in the previous image, four network interfaces are required for each firewall. At least one port on every FortiGate must be dedicated to the connection to the two networks. The third and fourth network interfaces are dedicated to the connection between the two FortiGate units and are used for heartbeat (exchange of communication and synchronization of the information that allows a cluster to form).
Note
Configuring the cluster with a single cable...