This blog is a continuation of my hands-on experience with FortiGate firewalls, primarily focusing on PRACTICAL LAB EXERCISES.
In this lesson, we will configure High Availability in FortiGate Firewalls.
This is my personal notebook and way of sharing what I learn throughout my FortiGate journey. I am hoping it saves some people few hours of their time researching the internet.
📌What I expect from you:
- You have already finished Lesson 1 and Lesson 2. Click Below!
➡️LESSON 1: First Bootup (Initial Setup)
➡️LESSON 2: Internet Access (Basic Config)
📌Series Navigation:
New to this series? I recommend starting with the introduction: ➡️ Learning Fortinet Firewall: Introduction and Important Notes
📍Bookmark this post as it contains all key references, updates, and diagrams/topology for consistency throughout the series.
📌About the Lab:
FortiGate HA will be configured in Active/Passive mode using two FortiGate firewalls in this laboratory session. The goal of the HA configuration is to create a redundant environment and assure that there is continuity of network operation despite any failure in the primary FortiGate.
The focus of this lab exercise is on understanding basic HA functionality such as failover through manual action, failover from link health, HA Override (Preempt), HA Override Wait timers, and remote IP monitor (HA Ping Server).
🎯Lab Objectives:
1️⃣ Configure a FortiGate Active-Passive HA cluster 2️⃣ Separate the management interface of the Active and Passive firewalls using Management Interface Reservation (MIR) 3️⃣ Verify Primary and Secondary firewall roles 4️⃣ Perform manual failover by shutting down the Active firewall 5️⃣ Test failover caused by a monitored interface failure 6️⃣ Configure and verify HA Override / Preempt behavior 7️⃣ Configure override wait time before the preferred unit takes back the Primary role 8️⃣ Configure Remote IP Monitoring (HA Ping Server) using Link Monitor 9️⃣ Observe flip-flop failover behavior and understand prevention methods 🔟 Verify cluster health, failover status, and monitoring through CLI commands 1️⃣1️⃣ Ensure traffic continuity during failover events
✨Lab Guidelines:
📌What's Next?
- Still thinking :)
🗣️Let's Connect Feel free to follow along, comment, or connect with me on LinkedIn.
If you have a question, suggestion, or just want to chat about firewalls and networking — hit me up!
Thank you for reading — see you in the next lab post!