본문 바로가기

업무이야기/Security

FortiSandbox Cluster

by 쫑콩아빠 2018. 5. 8.
728x90
Example configuration
This example shows the steps for setting up an HA cluster using three FortiSandbox 3000D units.
Step 1 - Prepare the hardware
The following hardware will be required:
l Nine cables for network connections
l Three 1/10 Gbps switches
l Three FortiSandbox 3000D units with proper power connections (units A, B, and C).
The master and primary slaves should be on different power circuits.
Step 2 - Prepare the subnets
Prepare three subnets for your cluster (customize as needed):
l Switch A: 192.168.1.0/24: For system management.
l Gateway address: 192.168.1.1
l External management IP address: 192.168.1.99
l Switch B: 192.168.2.0/24: For internal cluster communications.
Administration Guide
Fortinet, Inc.
116
HA-Cluster URL Package
l Switch C: 192.168.3.0/24: For the outgoing port (port 3) on each unit.
l Gateway address: 192.168.3.1
Step 3 - Setup the physical connections
1. Connect port 1 of each FortiSandbox device to Switch A..
2. Connect port 2 of each FortiSandbox device to Switch B.
3. Connect port 3 of each FortiSandbox device to Switch C.
Step 4 - Configure the master
1. Power on the device (Unit A), and log into the CLI (see Connecting to the Command Line Interface on page 11).
2. Configure the port IP addresses and gateway address with the following commands:
set port1-ip 192.168.1.99/24
set port2-ip 192.168.2.99/24
set port3-ip 192.168.3.99/24
set default-gw 192.168.3.1
3. Configure the device as the master node with the following commands:
hc-settings -s -tM -nMasterA -cTestHCsystem -ppassw0rd -iport2
hc-settings -l
See Appendix A - CLI Reference on page 163 for more information about the CLI commands.
4. Review the cluster status with the following command:
hc-status -l
Other ports on the device can be used for file inputs.
Step 5 - Configure the primary slave
1. Power on the device (Unit B), and log into the CLI.
2. Configure the port IP addresses and gateway address with the following commands:
set port1-ip 192.168.1.100/24
set port2-ip 192.168.2.100/24
set port3-ip 192.168.3.100/24
set default-gw 192.168.3.1
3. Configure the device as the primary slave node with the following commands:
hc-settings -s -tP -nPslaveB -iport2
hc-settings -l
hc-slave -a -s192.168.2.99 -ppassw0rd
4. Review the cluster status with the following command:
hc-status -l
Step 6 - Configure the normal slave
1. Power on the device (Unit C), and log into the CLI.
2. Configure the port IP addresses and gateway address with the following commands:
set port1-ip 192.168.1.101/24
set port2-ip 192.168.2.101/24
set port3-ip 192.168.3.101/24
set default-gw 192.168.3.1
3. Configure the device as a slave node with the following commands:
hc-settings -s -tR -nSlaveC -iport2
hc-settings -l
hc-slave -a -s192.168.2.99 -ppassw0rd
117 Administration Guide
Fortinet, Inc.
URL Package HA-Cluster
4. Review the cluster status with the following command:
hc-status -l
Step 7 - Configure other settings
Configure required settings, such as other static routes if you need to access the HA cluster through a router and
scan profiles for malware detection. All configuration can only be done on the master device.
Step 8 - Finish
The HA cluster can now be treated like a single, extremely powerful standalone FortiSandbox unit.

 

In this example, files are submitted to, and reports and logs are available over IP address 192.168.1.99.

 

 

728x90