“To successfully form an HA cluster, you must ensure that the members have the same:

• Model: hardware model or VM model

• Firmware version

• Licensing: includes the FortiGuard license, virtual domain (VDOM) license, FortiClient license, and so on

• Hard drive configuration: the same number and size of drives and partitions

• Operating mode: the operating mode—NAT mode or transparent mode—of the management VDOM.”

“From a configuration and setup point of view, you must ensure that the HA settings on each member have the same group ID , group name, password, and heartbeat interface settings. Try to place all heartbeat interfaces in the same broadcast domain , or for two-member clusters, connect them directly.”

Technical Deep Dive:

The correct answers are A and D .

A is correct because FGCP cluster formation requires matching HA parameters, and group ID is explicitly one of them. If the group ID differs, the units will not consider each other part of the same cluster during HA discovery and election.

D is correct because FortiGate HA expects hardware parity in critical platform characteristics, including hard drive configuration . If disk layout differs, the members do not satisfy the HA formation prerequisites.

B is incorrect because the study guide does not require heartbeat interfaces to be in the same IP subnet. The requirement is that heartbeat links be in the same broadcast domain , or directly connected in a two-node design. In practice, heartbeat links are Layer 2 adjacency links; IP subnet matching is not the stated requirement.

C is incorrect because the guide does not say both units must start with the same number of configured VDOMs. What must match is the licensing level and the operating mode of the management VDOM . After cluster formation, the primary synchronizes its configuration to the secondary.

A practical verification set before forming FGCP HA is:

get system status

show system ha

diagnose sys ha status

Operationally, FGCP then uses the heartbeat links for member discovery, health monitoring, election, and config/session synchronization. On supported hardware, session forwarding and HA processing can still benefit from FortiGate’s ASIC-assisted architecture, but HA state, config sync, and election logic remain control-plane functions handled by FortiOS.