FortiGate HA Cluster – Manage Slave Unit from Web GUI

firewall fortigate ip ipv4 router

I am confused as to what happened to the slave's IP address. Before I set both my units to Active/Active cluster, I could reach each of them with their own IP. Now, I can still reach the master unit with the same IP. However, I can no longer reach my slave unit on the IP I used to reach it on prior to setting up the cluster. What happened to it?

Do they share the same IP now that they are in a cluster? If so: How can I manage each of them from the web interface?

If not: Is there any way I can find the other unit without scanning my entire network manually?

The specific units I'm operating are FortiGate 60D

EDIT:
From what I can tell, they do share the same IP. A lot of my results on Google come up with the CLI command: exec ha manage 1. I appear to be in the slave unit when I run that command. So now when I try to retrieve the IP address using this command: get system interface, it gives me the same IP address as my master unit has on the internal interface.

Is there any way I can manage the slave interface from the HTML GUI?

I've been "Googling" around for the last 5 hours with no progress.

Best Answer

Clustered FortiGate units become ONE unit in terms of L3 IP addresses, L2 MAC addresses, policies, objects etc. Only a few HA parameters along with the hostname are not mirrored from master to slave(s). The primary's IP addresses are used for the cluster; all slave addresses are overwritten. The real MAC addresses are hidden as well.

Active management of a slave unit is so uncommon that it's restricted to the CLI. Rebooting, shutting down, separating from the cluster come to my mind. To monitor CPU, memory and throughput you have GUI controls in System > Config > HA > HA statistics.

There's an exception to every rule. On FortiGate models starting in midrange (100D and up) you often find 'management ports'. These are physical ports which you can dedicate to management only - they will not route. They are the only ports that can be in the same subnet as other ports on the FortiGate. You can connect to each cluster unit then via GUI.
The FortiGate 60D does not have this special kind of port.