• Status: Solved
  • Priority: Medium
  • Security: Public

Fortigate 50B firewall redundant mode

Hi, I'm trying to find out how to configure a Fortigate 50B firewall appliance for redundancy. Currently, it is set up as a standalone firewall. Can this device even be set up for failover or redundancy?
Asked by: Soho_Dan
 
Baleboos Commented:
If you mean failover in its upstream (WAN) connections: yes. If you mean failover by pairing it with another device and have it kick in when the other one croaks: no.
 
Soho_Dan (Author) Commented:
No, I meant if the firewall appliance fails. As in not functioning due to power failure or just not working. I'd like to configure another Fortigate 50B to automatically take over without user intervention.
 
Baleboos Commented:
I don't think the 50B can be paired with another. I have seen device load balancing/failover in other more high end Forti boxes but not the 50B. Found a screen that lets you set up Failover; but like I said, it's WAN failover.

As to power failure, why not buy a $70 UPS? The device sips power very lightly. Shouldn't be too expensive to give you 3 hours of battery backup.
 
Soho_Dan (Author) Commented:
I meant power failure as in the firewall appliance itself. Like a faulty firewall that goes down completely.
It's something I'm trying to help a small company with because they have no full-time IT person. Maybe I'll recommend that they purchase another FG50B, set up the same config and just leave it aside. The problem is that if anything were to change, someone must make the change to the spare one.
 
Baleboos Commented:
That's the usual "oh s***" plan of small companies. Have a spare preconfigured identical box for swapping when needed.
 
Baleboos Commented:
You can do periodic backups of the config on the operational one and back it up to the spare.
 
myramu Commented:
 
Baleboos Commented:
myramu is right. Sorry. It's not under "System->HA" it's under System->config->HA (At least on the 60B).

I did a cursory search for the words "High Availability" in the docs (here: http://docs.fortinet.com/fgt/archives/3.0/install/FortiGate-50_series_Install_Guide_01-30004-0265-20070831.pdf) and found it only at FG-100 - thus my mistake.
 
Soho_Dan (Author) Commented:
One quick question, Myramu. Must the two units have separate static IP addresses?
 
myramu Commented:
All interfaces should have static IP addresses to build HA. Once you build the HA, only the HA configuration (Config system HA) and host name will not be synchronized with each other. It means even interface IP addresses will be synchronized along with the firewall rules and routes.

If you need a separate IP to manage the slave, you can configure it under the HA configuration.

Good Luck!
 
Soho_Dan (Author) Commented:
Sorry, I'm not sure what you meant.

Do you mean I need to configure both Fortigate firewall appliances to have their own static IP addr or do they need to have the SAME static IP addr?
 
myramu Commented:
Both devices will have the same IP addresses, except for the HA interface.

Steps to build HA:
- Configure FW1 and FW2 with the HA parameters.
- Connect the HB interfaces with a cross cable.
- Connect both firewalls' internal interfaces to a switch.
- Connect both firewalls' wan interfaces to a switch.

Now the config will be synchronized and the FW1 & FW2 internal & wan IPs will be the same.
When you access the GUI you are accessing the primary firewall. Make whatever changes you need; they will be synched automatically.

The secondary you can access through the CLI only or by connecting a separate cable to the secondary.

Read the earlier posted HA doc for fail-over options.

Good Luck!
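
The "HA parameters" from the first step above, sketched as an added FortiOS CLI example (not part of the original thread and not the posters' own configuration). The group name, the password placeholder, the priority values and the use of wan2 as the heartbeat (HB) port are assumptions to adapt to the actual units.

```fortios
# Constructed example. Lines starting with # are notes for the reader.

# --- FW1 (intended primary) ---
config system global
    # Host name is not synchronized, so set it per unit.
    set hostname FW1
end
config system ha
    # Active-passive: FW2 takes over if FW1 stops responding.
    set mode a-p
    # Group name and password must match on both units.
    set group-name "office-ha"
    set password <shared-ha-password>
    # Heartbeat interface (the cross-cabled port) and its priority.
    set hbdev "wan2" 50
    # Higher device priority is preferred as primary.
    set priority 200
end

# --- FW2 (intended secondary) ---
config system global
    set hostname FW2
end
config system ha
    set mode a-p
    set group-name "office-ha"
    set password <shared-ha-password>
    set hbdev "wan2" 50
    set priority 100
end
```

Both units must share the same group name and password to form a cluster, so treat the HA password as a credential rather than a label. The heartbeat port is cabled directly between the two units as in the steps above, which keeps synchronization traffic off the shared switches.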