Fortigate-4000 ha configuration – Fortinet FortiGate 4000 User Manual

Page 55


Getting started

Planning the FortiGate configuration

FortiGate-4000 Installation and Configuration Guide


You typically use a FortiGate-4000 unit in Transparent mode on a private network
behind an existing firewall or behind a router. The FortiGate-4000 unit performs
firewall functions as well as antivirus and content scanning but not VPN.

The following interfaces are available in Transparent mode:

• External: the interface to the external network (usually the Internet).
• Internal: the interface to the internal network.

Figure 18: Example Transparent mode standalone network configuration

FortiGate-4000 HA configuration

Using HA, you can group two or more FortiGate-4000 units into an HA cluster. The HA
cluster can operate in active-active mode or active-passive mode.

An active-active HA cluster can increase virus scanning throughput by using load
balancing to distribute virus scanning to all of the FortiGate units in the cluster.

An active-passive HA cluster provides failover so that if a functioning FortiGate-4000
unit fails, processing is transferred to another FortiGate-4000 unit in the cluster
without interrupting network service.

Once the FortiGate-4000 units are added to the HA cluster, the cluster functions on
your network as a single FortiGate-4000 unit with one internal interface, one external
interface, and one out of band management IP address. The cluster manages
communication and load balancing between the FortiGate-4000 units in the cluster.

Because you can install up to 10 FortiGate-4000 units in a single FortiGate-4000
chassis, you can configure multiple HA clusters. Each FortiGate-4000 unit can only
belong to one cluster.

You can operate an HA cluster in NAT/Route or Transparent mode. A single
FortiGate-4000 chassis can contain clusters operating in NAT/Route mode and
clusters operating in Transparent mode. For more information on HA, see “High availability” on page 81.

[Figure 18 diagram labels: Internet; Gateway to public network (Firewall, router); External; FortiGate-4000 unit in Transparent mode; Internal; Management IP; Internal network; Transparent mode policies controlling traffic between internal and external networks. Addresses shown: 192.168.1.1, 192.168.1.2, 192.168.1.3, 204.23.1.5.]
