Ensure that FortiGate devices are configured for High Availability (HA).

Rationale: Configuring High Availability (HA) increases system availability and decreases the impact of routine maintenance (firmware updates, cable moves, etc.) and the impact of device failure.

Impact: Not having High Availability (HA) configured correctly and synced properly impacts the availability of the FortiGate devices as well as any systems that require traversing the FortiGates. With properly configured HA in place, outages can be minimized during firmware updates as well as during power outages or device failures.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
In GUI:
Navigate to 'System' and then 'HA'
Ensure 'Mode' is set to the proper setting, 'Active-Active' or 'Active-Passive'
Review configuration settings:
    'Cluster Name' must match on devices
    'Password' must match on devices
    'Heartbeat Interfaces' need to be defined on devices
Click 'OK' to save changes and exit

In CLI:
    FGT1 # config system ha
    FGT1 (ha) # set mode a-p ###(Active-Passive)
    FGT1 (ha) # set group-name 'FGT-HA' ###(Set cluster name)
    FGT1 (ha) # set password ******* ###(Set password)
    FGT1 (ha) # set hbdev port10 50 ###(Set Heartbeat Interface and priority)
    FGT1 (ha) # end

To review configuration in CLI:
    FGT1 # config system ha
    FGT1 (ha) # show
    config system ha
        set group-name 'FGT-HA'
        set mode a-p
        set password ENC enrwD467hJmO6j6YW/l6FEOa1YNVYdo8Z5mCcTDEKUFpOVXcNYnPBmQDGX//ViXk6TkwNH0il5aJr/fZY25lq+husndQHZVWp2LIlXmCv/n81U43nkZUWaIKvqkellGFbhv0/IHoOLzQPCsVcBbyrsgoprYMvh6w7F06+nRriBtMNQxpOV5V+e388EcwsOOMsXBZOw==
        set hbdev 'port10' 50
        set override disable
    end

Default Value: N/A
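
The CLI review above can be run offline against saved 'show' output from each cluster member. The following Python is an added example, not part of the benchmark or of any vendor tooling; the function names, the constructed sample configurations and the treatment of a missing 'mode' line as standalone are assumptions.

```python
import shlex

# Constructed sample: 'show' output of 'config system ha' from two
# hypothetical cluster members (password values are placeholders).
FGT1 = """config system ha
    set group-name 'FGT-HA'
    set mode a-p
    set password ENC <placeholder-1>
    set hbdev 'port10' 50
    set override disable
end"""
FGT2 = FGT1.replace("'FGT-HA'", "'FGT-HA2'").replace("<placeholder-1>", "<placeholder-2>")
STANDALONE = """config system ha
    set override disable
end"""

def parse_ha(text):
    """Return {setting: [values]} from the 'set' lines of a config system ha block."""
    settings = {}
    for line in text.splitlines():
        tokens = shlex.split(line.strip())  # handles quoted values such as 'FGT-HA'
        if len(tokens) >= 2 and tokens[0] == "set":
            settings[tokens[1]] = tokens[2:]
    return settings

def check_device(text):
    """List findings for one device against the four settings in the Solution."""
    ha, findings = parse_ha(text), []
    # Assumption: 'show' omits defaults, so a missing 'mode' line means standalone.
    if ha.get("mode", ["standalone"])[0] not in ("a-a", "a-p"):
        findings.append("mode is not a-a or a-p")
    for key, label in (("group-name", "cluster name"), ("password", "password"),
                       ("hbdev", "heartbeat interface")):
        if not ha.get(key):
            findings.append(f"{label} is not set")
    return findings

def check_pair(a, b):
    """Cluster name and mode must agree across members. Passwords are not
    compared: only the ENC form is visible in 'show' output."""
    ha_a, ha_b = parse_ha(a), parse_ha(b)
    return [f"{k} differs between devices" for k in ("group-name", "mode")
            if ha_a.get(k) != ha_b.get(k)]

if __name__ == "__main__":
    for name, cfg in (("FGT1", FGT1), ("STANDALONE", STANDALONE)):
        print(name, check_device(cfg) or "compliant")
    print("FGT1 vs FGT2:", check_pair(FGT1, FGT2) or "match")
```

An empty findings list from check_device on every member, plus an empty list from check_pair, corresponds to the settings the review step looks for; the shared password still has to be confirmed by whoever configured it.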