So my aim was to set up FortiGate High Availability failover in Active / Passive mode. I’m setting this up in EVE-NG and here’s what my lab looks like;
Note: I’m using TWO connections for Heartbeat/Failover, you can simply use one if you prefer.
FortiGate High Availability (Pre-Requisites)
Obviously the firewalls need to be the same! For physical firewalls that’s straightforward, but be careful if you are using virtual FortiGates, make sure they are the same hardware and licence versions!
As you can see in my topology (above), each port needs to be connected to the same network on BOTH firewalls.
Make sure both firewalls are running the SAME firmware.
Make sure the interfaces are not getting their IP addresses from DHCP, or PPPoE.
I’m assuming the primary firewall is all set up and configured properly, the secondary firewall then needs to be built, licensed, and internet connected (so it can update etc). Note: It will take its config from the primary firewall when configured.
FortiGate High Availability (Active Passive) From Command Line
I know, Fortinet like to say that there’s no need to be working at command line these days, but when you see how easy it is to setup from CLI, you might choose to do it that way instead.
Primary FortiGate High Availability Setup
FortiGate uses priority to set the primary firewall, by default it sets the value to 128. So I’m going to set my Primary firewall to 200 and my Secondary firewall to 100.
Here are the commands you can simply copy and paste;
[box]
config system ha
set group-id 10
set group-name HA-GROUP
set mode a-p
set password Password123
set hbdev port3 0 port4 0
set session-pickup enable
set override enable
set override-wait-time 10
set priority 200
end
[/box]
What does all that mean? The Group ID and Group Name are shared by all firewalls in the cluster. (Yes cluster, you can scale this up to more firewalls). Mode simply sets the mode to a-p (active passive). Hbdev denotes the interfaces used for the heartbeat network, (the zeros denote that they will be used equally). Session-pickup allows the firewalls to share the session state table for your clients, (i.e. provides seamless TCP session failover). Override is enabled, this will fail back to the primary firewall when it becomes available. Note: wait-time is enabled and set to 10 seconds to avoid any ‘flap / stutter’ that may cause disconnections when executing the override. Then finally the priority is set to 200.
Secondary FortiGate High Availability Setup
Practically the same, but you don’t need to set override, and the priority will be lower (100).
[box]
config system ha
set group-id 10
set group-name HA-GROUP
set mode a-p
set password Password123
set hbdev port3 0 port4 0
set session-pickup enable
set priority 100
end
[/box]
FortiGate HA Monitor and TroubleShooting
At this point go and have a coffee, the config needs replicating from the primary to the secondary, and this can take a few minutes. Use the following command to check;
[box]
get system ha status
[/box]
You want to see them both ‘in-sync‘.
To troubleshoot, use;
[box]
diagnose system ha status
[/box]
FortiGate Failover (Active Passive) From GUI
On the Primary (pre configured) firewall, System > HA > Change the drop down to Active-Passive.
Monitor Interfaces: {you can leave this blank, unless you only want to monitor certain interfaces}.
Heartbeat Interfaces: {enter one or more interfaces}.
What’s Management interface Reservation? : You can use this to have separate management for each firewall, (usually you can’t get to the standby/secondary firewall for GUI/SSH management etc).
Click OK when complete
You should see something like this;
Jump onto the Secondary firewall, and set it the same, (with the exception of the priority).
Note: Override (Fail Back) cannot currently be set in the GUI.
Wait a while and hit refresh, you should see both firewalls in Sync
Possible Bug in 6.4.4 build 1803 (GA)
When carrying out the above procedure (from the web management console), my firewalls did not sync, while troubleshooting at command line they were both set as primary and appeared not to be able to see the other, they were saying;
{Firewall Serial Number}is selected as the master because it’s the only member in the cluster.
Despite many hours of troubleshooting/rebuilding, this kept happening, it worked fine when configured from command line, but not from the GUI. When I checked the commands after using the GUI I noticed that “set group-id {number}” was missing from the config. If I added this manually it started syncing straight away?
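A way to catch the missing group-id before waiting on a sync that will never happen, as an added example that is not part of the original article: this Python check compares the `config system ha` block of two members and reports any shared setting that is absent or different. The function names and the GUI-built variants are constructed for illustration; the two CLI samples are the boxes from above.

```python
# Added example: compare the HA settings of two FortiGate cluster members.

# Settings that have to be identical on every member of the cluster.
MUST_MATCH = ("group-id", "group-name", "mode", "password", "hbdev")
DEFAULT_PRIORITY = 128  # default priority quoted in the article


def parse_ha_block(config_text):
    """Return the 'set' lines inside 'config system ha' as a dict."""
    settings, inside = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system ha":
            inside = True
        elif inside and line == "end":
            break
        elif inside and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[parts[1]] = parts[2]
    return settings


def check_ha_pair(primary_text, secondary_text):
    """Return a list of findings; an empty list means the pair is consistent."""
    members = {
        "primary": parse_ha_block(primary_text),
        "secondary": parse_ha_block(secondary_text),
    }
    findings = []
    for key in MUST_MATCH:
        missing = [name for name, cfg in members.items() if key not in cfg]
        if missing:
            findings.append(f"{key}: not set on {' and '.join(missing)}")
            continue
        values = [cfg[key] for cfg in members.values()]
        # Assumption: a password read back from a device as 'ENC ...' is not
        # comparable as text, so it is skipped rather than reported.
        if key == "password" and any(v.startswith("ENC ") for v in values):
            continue
        if values[0] != values[1]:
            # Report the key only, so the shared password never lands in a log.
            findings.append(f"{key}: differs between members")
    pri = int(members["primary"].get("priority", DEFAULT_PRIORITY))
    sec = int(members["secondary"].get("priority", DEFAULT_PRIORITY))
    if pri <= sec:
        findings.append(
            f"priority: primary ({pri}) is not higher than secondary ({sec})"
        )
    return findings


# The two boxes from the article, as typed.
PRIMARY_CLI = """config system ha
set group-id 10
set group-name HA-GROUP
set mode a-p
set password Password123
set hbdev port3 0 port4 0
set session-pickup enable
set override enable
set override-wait-time 10
set priority 200
end
"""

SECONDARY_CLI = """config system ha
set group-id 10
set group-name HA-GROUP
set mode a-p
set password Password123
set hbdev port3 0 port4 0
set session-pickup enable
set priority 100
end
"""

# Constructed: the state described after the GUI setup, with group-id absent.
GUI_PRIMARY = PRIMARY_CLI.replace("set group-id 10\n", "")
GUI_SECONDARY = SECONDARY_CLI.replace("set group-id 10\n", "")

if __name__ == "__main__":
    print("CLI build:", check_ha_pair(PRIMARY_CLI, SECONDARY_CLI))
    print("GUI build:", check_ha_pair(GUI_PRIMARY, GUI_SECONDARY))
```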
Related Articles, References, Credits, or External Links
Thanks to the good folk at Fortinet for sending me some licences to test this (much appreciated).
You want to deploy 2 Cisco ASA 55xx Series firewalls in an Active/Standby failover configuration.
Solution
Assumptions.
Hardware on both ASA firewalls is identical.
The correct licenses for failover are installed on both firewalls.
The same software versions are installed on both firewalls.
You have your PRIMARY firewall set up and running correctly (Everything works!).
In this example the firewalls were ASA5510’s and all interfaces were being used, so the Management port was used as the “Failover Link” (That needs a security plus license!).
This Link will use a crossover cable (Only available after version 7.0(2) before that you had to use a switch – I think!).
Also I’m using the same link for LAN Based failover (heartbeat) AND Stateful replication.
IP Addresses
Each interface will need its existing IP address, and an address to use whilst in “Standby”. In this example I will use the following,
4. Set up the failover LAN interface (In config mode!).
[box]
PetesASA(config)#
PetesASA(config)# failover lan interface FAIL-OVER Gigabitethernet1/7
INFO: Non-failover interface config is cleared on Management0/0 and its sub-interfaces
PetesASA(config)#
ciscoasa(config)#
ciscoasa(config)# failover lan interface FAIL-OVER Gigabitethernet1/7
INFO: Non-failover interface config is cleared on Management0/0 and its sub-interfaces
ciscoasa(config)#
[/box]
YES: that’s the same as the primary firewall there WON’T be a conflict).
[box]
Detected an Active mate
Beginning configuration replication from mate.
[/box]
19. When it says that it has ended replication, on the secondary firewall issue a “show failover” (Note: the hostname will have changed to the one on the primary firewall).
[box]
PetesASA(config)#
PetesASA(config)# show failover
Failover On
Failover unit Secondary
Failover LAN Interface: failover Management0/0 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 4 of 250 maximum
Version: Ours 7.2(2), Mate 7.0(5)
Last Failover at: 14:49:43 UTC May 4 2007
This host: Secondary - Standby Ready
Active time: 0 (sec)
slot 0: ASA5510 hw/sw rev (1.1/7.2(2)) status (Up Sys)
Interface Outside (123.123.123.124): Link Down (Waiting)
Interface DMZ1 (192.168.1.254): Link Down (Waiting)
Interface DMZ2 (192.168.2.254): Link Down (Waiting)
Interface Inside (172.16.1.254): Link Down (Waiting)
slot 1: empty
Other host: Primary - Active
Active time: 514 (sec)
slot 0: ASA5510 hw/sw rev (1.1/7.0(5)) status (Up Sys)
Interface Outside (123.123.123.123): Link Down (Waiting)
Interface DMZ1 (192.168.1.1): Link Down (Waiting)
Interface DMZ2 (192.168.1.1): Link Down (Waiting)
Interface Inside (172.16.1.1): Link Down (Waiting)
slot 1: empty
[/box]
20. To double check go back to the PRIMARY firewall and issue the same command.
[box]
PetesASA(config)# show failover
Failover On
Failover unit Primary
Failover LAN Interface: failover Management0/0 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 15 seconds
Interface Policy 1
Monitored Interfaces 4 of 250 maximum
Version: Ours 7.0(5), Mate 7.2(2)
Last Failover at: 13:21:42 UTC May 4 2007
This host: Primary - Active
Active time: 616 (sec)
slot 0: ASA5510 hw/sw rev (1.1/7.0(5)) status (Up Sys)
slot 1: empty
Interface Outside (123.123.123.123): Link Down (Waiting)
Interface DMZ1 (192.168.1.1): Link Down (Waiting)
Interface DMZ2 (192.168.2.1): Link Down (Waiting)
Interface Inside (172.16.1.1): Link Down (Waiting)
Other host: Secondary - Standby Ready
Active time: 0 (sec)
slot 0: ASA5510 hw/sw rev (1.1/7.2(2)) status (Up Sys)
slot 1: empty
Interface Outside (123.123.123.124): Link Down (Waiting)
Interface DMZ1 (192.168.1.254): Link Down (Waiting)
Interface DMZ2 (192.168.2.254): Link Down (Waiting)
Interface Inside (172.16.1.254): Link Down (Waiting)
[/box]
21. The failover time out of the box is a bit pants, to nail it down a little, on the PRIMARY ASA
22. Save the config. (Note: config changes WILL be replicated to the standby firewall).
[box]
PetesASA(config)#
PetesASA(config)# write mem
Building configuration...
Cryptochecksum: 6650f6c9 09bbb5f0 0dafa0d1 8fc08aba
8756 bytes copied in 3.680 secs (2918 bytes/sec)
[OK]
PetesASA(config)#
[/box]
23. When done pull the power on ASA 1 to fail. With a constant ping running you usually will only lose 1 ping packet.
Failover Commands to Copy and Paste
Note: This assumes you have already added ‘standby’ IP addresses to all your interfaces and are using GigabitEthernet0/4 as the failover interface. Change the values in bold to match your requirements.
[box]
! Primary Firewall Config
clear configure interface GigabitEthernet0/4
interface GigabitEthernet0/4
no shut
exit
!
failover lan interface failover GigabitEthernet0/4
failover interface ip failover 192.168.255.9 255.255.255.252 standby 192.168.255.10
failover lan key 666999
failover lan unit primary
failover
failover link failover GigabitEthernet0/4
!
failover poll 1 hol 3
failover poll interface 3
interface GigabitEthernet0/4
failover poll interface 3
exit
!
! Standby Firewall Config
clear configure interface GigabitEthernet0/4
interface GigabitEthernet0/4
no shut
exit
!
failover lan interface failover GigabitEthernet0/4
failover interface ip failover 192.168.255.9 255.255.255.252 standby 192.168.255.10
failover lan key 666999
failover lan unit secondary
failover
failover link failover GigabitEthernet0/4
!
[/box]
Related Articles, References, Credits, or External Links
Thanks to Barry van Dijk for correcting up my syntax mistake 🙂
In part two we built our reference machine and took an image of it using WDS. Now to automate the deployments we need to create some unattended answer files, these will answer all the questions that the Windows 8 machines will ask while they are building. We will take those files and import them into the WDS server we configured in part one. Finally to make sure everything is working we will deploy Windows 8.
Solution
Download and Install the Windows Assessment and Deployment Kit for Windows 8
1. We used to have the WAIK for Windows 7, now this has been replaced with the ADK. (download link).
2. It’s a MASSIVE download, it will take a long time.
Create a WDS Distribution Share
1. On a drive that has some room (Approx 5GB should be fine,) create a folder.
2. Launch the System Image Manager.
3. In the top left section > Right click ‘Select a Distribution Share’ > Select ‘Create Distribution Share..’
4. Navigate to the folder you created earlier.
5. Now you don’t need to do this next part, but I copy the full contents of the Windows 8 DVD into this folder as well.
6. Like so.
7. Then in the bottom left section > Right click > ‘Select Windows Image..’.
8. Navigate to the Windows 8 Media > Sources Directory > Select ‘install.wim’.
Note: The install.wim MUST match the version you are going to deploy, it’s no good pointing to a Windows 8 Pro image if you are going to deploy Windows 8 Enterprise.
9. Select the version you are going to deploy > OK.
10. This is normal, select yes to create a catalog file. It will take a while, it has to mount the image, interrogate it and create all the components. Now would be a good time to put the kettle on.
Create the Unattended file for WDS (WDSUnattended.xml)
This unattended file will be just for the WDS settings, it will not be applied to the image you are going to deploy. It sets the keyboard and language settings for WDS to use, then it gives the credentials to connect to WDS, and wipes all the partitions from the target machine’s hard drive. It then repartitions it ready for deployment.
WARNING: As reiterated below, the disk configuration settings below will wipe the target machine’s drive of ALL partitions, even manufacturers’ rescue partitions. If you are imaging machines anyway this should not be a problem, but don’t email me to complain if you lose the recovery files for a laptop/PC while you were practicing!
1. Create a new answer file.
2. The components may not start amd64 (if you are deploying x86 images) and some of the numbers might be different on yours. But the main titles of the components will be the same. Locate Microsoft-Windows-International-Core-WinPE.
3. Add it to Pass 1. If you are unfamiliar with SIM, you add a component (or a sub component) to one of the ‘Passes’ in the center, then you can select that component (or sub component) and set the values for its settings in the top right hand section. The SIM builds an XML file in the background which will become the unattended answer file.
4. You will now see this component under pass 1, select it and set the following settings. (These are for my local English Great Britain settings, you may need to change your settings according to your locale).
Wiping the Targets Hard Drive and Partitions with WDS
6. Locate the Microsoft-Windows-Setup component > Disk Configuration sub component.
7. Add to Pass 1.
8. Right click > Insert New Disk.
9. Expand > Disk > Create Partitions > Right click > ‘Insert New CreatePartition’.
10. Select the DISK.
Disk ID = 0 WillWipeDisk = true
11. Select the Partition.
Extend = true Order = 1 Type = Primary
12. Right click ModifyPartition > Insert New ModifyPartition.
13. With the new ModifyPartition selected.
Action = AddListItem
Active = true
Extend = false
Format = NTFS
Label = SYSTEM
Letter = C
Order = 1
PartitionID = 1
Select Partition to install Image to
1. Locate the WindowsDeploymentService sub component, (also in Microsoft-Windows-Setup).
2. Add to Pass 1.
3. Expand Image Selection > Install To.
Disk ID = 0 PartitionID = 1
4. Expand Login > Credentials.
Domain = {Your domain name, i.e. petenetlive.com would be PETENETLIVE}.
Password = {Of a user with administrative rights – IT WILL GET OBFUSCATED*}.
Username = {Of a user with administrative rights}.
*I used to say ‘encrypted‘, but that’s NOT the case, they are simply Base64 encoded.
Attach the Answerfile to the WDS Server
1. Save the file you have just created.
2. Place it in your Remoteinstall folder in the WdsClientUnattend sub folder.
3. Launch the Windows Deployment Services management console > Expand Servers > Right click your server > Properties.
4. Client tab > Tick to enable unattended installation > I’m deploying x64 bit images so next to that option > Browse.
5. Navigate to and select the file you have just created > Open > Apply > OK.
Create the Unattended file for Your Image (OOBEUnattend.xml)
1. Create a new answer file.
2. Locate the Microsoft-Windows-Shell-Setup component.
3. Add to Pass 4.
4. With the component selected.
ComputerName = *
CopyProfile = true (Unless you don’t want to copy the profiles from your source image).
ProductKey = Your 25 character Windows 8 unlock code. Note: Only put in a code if you are deploying with MAK keys or Retail Keys, if you are planning on using KMS leave this option blank.
RegisteredOrganization = Your business name.
RegisteredOwner = Your owner’s name.
ShowWindowsLive = false {now deprecated for Windows 8}
TimeZone = GMT Standard Time. Note: For other time zones see here
Automatically Join the Domain
1. Locate the Microsoft-Windows-UnattendedJoin component
2. Add to Pass 4.
3. With Identification selected.
JoinDomain = {Your domain name, i.e. petenetlive.com would be PETENETLIVE}.
UnsecureJoin = true
Set the Image Language and Keyboard Settings
4. Locate the Microsoft-Windows-International-Core component.
Set the Local Administrator Password and Add a Local Administrator
Note: The local admin account is disabled by default, so here I’m setting the local admin’s password, and then creating a new local admin user called Sysadmin.
1. Locate the Microsoft-Windows-Shell-Setup component > UserAccounts sub component
2. Add to Pass 7.
3. With AdministratorPassword selected set the password value.
4. Right click LocalAccounts > Insert New LocalAccount.
5. With LocalAccount selected.
Action = AddListItem
Description = Sysadmin
DisplayName = Sysadmin
Group = Administrators
Name = Sysadmin
6. Then set the password value.
7. Save the answer file.
8. Save the file as OOBEUnattend.xml
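What "simply Base64 encoded" means for the passwords set in both answer files, as an added example that is not part of the original article: anyone who can read the XML can read the password, so the files in RemoteInstall deserve the same access control as plain-text credentials. The code assumes the layout SIM writes for UserAccounts passwords (Base64 over UTF-16LE text with the element name appended, and PlainText set to false); the XML fragment, passwords and function names are constructed.

```python
# Added example: audit an answer file for passwords that are only Base64 encoded.
import base64
import xml.etree.ElementTree as ET


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts in front of tag names."""
    return tag.rsplit("}", 1)[-1]


def encode_like_sim(password, element_name):
    """Assumed SIM encoding: Base64(UTF-16LE(password + element name))."""
    return base64.b64encode((password + element_name).encode("utf-16-le")).decode("ascii")


def recover_passwords(xml_text):
    """Return [(element name, recovered password)] in document order."""
    recovered = []
    for elem in ET.fromstring(xml_text).iter():
        value = plain = None
        for child in elem:
            if local_name(child.tag) == "Value":
                value = (child.text or "").strip()
            elif local_name(child.tag) == "PlainText":
                plain = (child.text or "").strip().lower()
        if value is None or plain != "false":
            continue  # not an encoded password element
        try:
            text = base64.b64decode(value, validate=True).decode("utf-16-le")
        except ValueError:  # covers bad Base64 and bad UTF-16 alike
            continue
        name = local_name(elem.tag)
        if text.endswith(name):
            text = text[: -len(name)]  # drop the appended element name
        recovered.append((name, text))
    return recovered


# Constructed fragment shaped like the UserAccounts section built in the steps above.
SAMPLE_UNATTEND = f"""<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts>
        <AdministratorPassword>
          <Value>{encode_like_sim("Constructed-Admin-1", "AdministratorPassword")}</Value>
          <PlainText>false</PlainText>
        </AdministratorPassword>
        <LocalAccounts>
          <LocalAccount>
            <Password>
              <Value>{encode_like_sim("Constructed-Sysadmin-2", "Password")}</Value>
              <PlainText>false</PlainText>
            </Password>
            <Name>Sysadmin</Name>
            <Group>Administrators</Group>
          </LocalAccount>
        </LocalAccounts>
      </UserAccounts>
    </component>
  </settings>
</unattend>"""

if __name__ == "__main__":
    for element, password in recover_passwords(SAMPLE_UNATTEND):
        print(f"{element}: recoverable ({len(password)} characters)")
```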
Attach the Answer file to the Windows 8 Image
1. Launch the Windows Deployment Services Management console.
2. Locate the Windows 8 Image you are attaching the answer file to > Right click > Properties.
3. Tick the option ‘Allow image to install in unattended mode’ > Select File > Browse.
4. Select the OOBEUnattend.xml file you created earlier.
5. Note: It makes a copy of the file and stores it elsewhere calling it ImageUnattend.xml (watch out for this if you need to edit the answer file and nothing changes!)
Deploy Your Windows 8 Image.
1. Boot your target machine to the network via PXE > Press F12 to boot from the WDS.
2. Install an Image.
3. Select the image you want to deploy.
4. After the install, the machine should reboot and present you with a domain logon.
5. And your programs and settings will be pre-configured.
I’ve had very little exposure to JUNOS and Juniper equipment, and later in the year I have to deploy some for a client in a failover cluster. So I had a good look round on the Internet, and found loads of good blog posts and KB articles like this one. The problem is they are all geared to setting up a cluster, they ASSUME you then know about security zones, how to add default routes, and setup NAT etc. So they don’t cover that. Yes you then can set up a cluster, but it has no IP addresses, and you cant pass any traffic though it! Hopefully this will redress the balance.
Solution
Before you start, you obviously need two physical firewalls running the same OS, and this whole procedure is carried out from command line, (I’m using the console cable).
Things that took me a while to grasp, that you need to know.
1. The SRX240 has 16 ports numbered ge-0/0/0 to ge-0/0/15, when you cluster them the ports on the secondary firewall (node1) are renumbered to ge-5/0/0 to ge-5/0/16.
2. As soon as you cluster the firewalls the first port (on both) is reserved for management. That’s ge-0/0/0 and ge-5/0/0, they are then referred to as fxp0.
3. As soon as you cluster the firewalls the second port (on both) is reserved for the firewalls’ control plane. That’s ge-0/0/1 and ge-5/0/1, they are then referred to as fxp1.
4. You need to dedicate another port on both firewalls for the firewalls’ data link, this can be any port, but to keep things simple I’ll use the next free port on both firewalls (ge-0/0/2 and ge-5/0/2). These will then be referred to as fab0 and fab1 (respectively).
That’s the clustering side of things, what about the networks I’m going to connect to the firewall. Take a look at this diagram;
Both the firewalls have a connection to each network (which makes sense if they are going to fail over). I’ve got an ‘outside’ network that connects to the Internet. ‘Inside’ I’ve got two networks, (most people reading this will have one, but remember this is practice for a live client, and they have two data LANS).
As all the networks are connected in two places, where do you assign IP addresses? Well above you can see the outside connections are plugged into ge-0/0/4 and ge-5/0/4. You add both these physical interfaces to a Reth (Redundant Ethernet Interface), and you assign the IP to that. So I have three Reth interfaces, (Reth0 for outside, Reth1 for the first inside network, Reth2 for the second inside interface).
So only Reth interfaces have IP addresses? Well no, the two fxp0 interfaces on each physical firewall, also get an IP address (for out of band management), and it’s a different one for each firewall.
Step 1: SRX240 Setup a Chassis Cluster.
1. Before we start you need to delete the existing interfaces from the config (ALL of them), otherwise you will get some errors later on when you try and commit (save) the firewall config. Also remove the hostname, we will set that in a minute.
[box] delete interfaces ge-0/0/0
delete interfaces ge-0/0/1
—Repeat for the rest of the interfaces—
delete interfaces ge-0/0/14
delete interfaces ge-0/0/15
delete system host-name[/box]
2. Connect ge-0/0/0 to management network > Connect ge-5/0/0 to management network >
Connect ge-0/0/1 on Primary to ge-5/0/1 on Standby, (this can’t be changed and will be the fxp0 connection) > Connect ge-0/0/2 on Primary to ge-5/0/2 on Standby (this can be changed but will be the fab0 and fab1 connection).
3. Carry out the following procedure on BOTH firewalls. This sets the host names of the firewalls and the IP addresses of the management interfaces.
[box]set groups node0 system host-name FW-A
set groups node0 interfaces fxp0 unit 0 family inet address 192.168.254.1/24
set groups node1 system host-name FW-B
set groups node1 interfaces fxp0 unit 0 family inet address 192.168.254.2/24
set apply-groups "${node}"[/box]
4. On FW-A (the primary node0) turn on clustering.
6. Back on FW-A (the remainder of the config will be done on node0), set the configuration for the data link, notice I’m deleting the interface again, (I had a lot of bother with this so let’s play it safe). Then I’m saving the changes with a ‘commit’ command, because at this point if something is wrong it will tell you.
[box]delete interfaces ge-0/0/2
set interfaces fab0 fabric-options member-interfaces ge-0/0/2
set interfaces fab1 fabric-options member-interfaces ge-5/0/2
commit[/box]
Step 2 Create Redundancy Groups
1. Redundancy group 0 is created by default so set the priority for that one first.
[box]root@FW-A# set chassis cluster redundancy-group 0 node 0 priority 100
root@FW-A# set chassis cluster redundancy-group 0 node 1 priority 1[/box]
2. Create a new redundancy group that the Reth interfaces will use.
[box]root@FW-A# set chassis cluster redundancy-group 1 node 0 priority 100
root@FW-A# set chassis cluster redundancy-group 1 node 1 priority 1[/box]
Step 3 Define and Add Physical Interfaces to the Reth Interfaces
1. Define the number of Reth interfaces (two inside and one outside).
[box]root@FW-A# set chassis cluster reth-count 3[/box]
2. Allocate Reth0 to the physical interfaces (for outside).
[box]{primary:node0}[edit interfaces]
root@FW-A# set ge-0/0/8 gigether-options redundant-parent reth1
root@FW-A# set ge-5/0/8 gigether-options redundant-parent reth1
root@FW-A# set reth1 redundant-ether-options redundancy-group 1
root@FW-A# set reth1 unit 0 family inet address 192.168.20.1/24 [/box]
6. Setup Reth2 (inside). Add the physical interfaces, and apply redundancy group 1 (again) then save the changes.
1. To get traffic out to the Internet, the cluster needs the IP of its ‘next-hop’, (usually the router supplied by your ISP).
Note: If you’re anything like me after you enter this you will try and ‘ping’ the router from the firewall, or ping an Internet IP address, at this point that won’t work, (you need to allocate interfaces to security zones first).
[box]root@FW-A# set routing-options static route 0.0.0.0/0 next-hop 123.123.123.1[/box]
Step 5 Add interfaces to Security Zones and Allow Traffic Out
Note: I’m simply allowing all traffic out.
1. Make sure the Security Zones ‘Trust’ and ‘Untrusted’ Exist
[box]root@FW-A# show security zones
or
root@FW-A# run show security zones[/box]
2. Add the Reth0 Interface to the Untrusted zone.
[box]root@FW-A# set security zones security-zone untrust interfaces reth0.0 [/box]
3. Allow traffic.
[box]{primary:node0}[edit]
root@FW-A# set security zones security-zone untrust host-inbound-traffic system-services all
root@FW-A# set security zones security-zone untrust host-inbound-traffic protocols all[/box]
4. You can check the changes before you commit them.
5. Then add Reth1 and Reth2 to the Trusted zone and repeat the process to allow all traffic.
[box]root@FW-A# set security zones security-zone trust interfaces reth1.0
root@FW-A# set security zones security-zone trust interfaces reth2.0
root@FW-A# set security zones security-zone trust host-inbound-traffic system-services all
root@FW-A# set security zones security-zone trust host-inbound-traffic protocols all[/box]
6. Let’s check to see all that worked.
[box]
{primary:node0}[edit]
root@FW-A# show security policies from-zone trust to-zone untrust
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
{primary:node0}[edit]
root@FW-A# show security policies
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
[/box]
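An added example, not part of the original article: `host-inbound-traffic` controls traffic addressed to the firewall itself rather than traffic passing through it, so this Python check lists the Internet-facing zones where the Step 5 commands open it with `all`. The zone and interface names are the ones used above; the function names and the tightened variant are constructed for illustration.

```python
# Added example: flag 'host-inbound-traffic ... all' on Internet-facing zones.
import re

ZONE_LINE = re.compile(
    r"set security zones security-zone (?P<zone>\S+) "
    r"(?:interfaces (?P<iface>\S+)"
    r"|host-inbound-traffic (?P<kind>system-services|protocols) (?P<item>\S+))\s*$"
)


def parse_zones(cli_text):
    """Collect interfaces and host-inbound settings per zone from 'set' commands."""
    zones = {}
    for raw in cli_text.splitlines():
        # search() rather than match(), so a 'root@FW-A# ' prompt is skipped.
        match = ZONE_LINE.search(raw.strip())
        if not match:
            continue
        zone = zones.setdefault(
            match["zone"],
            {"interfaces": [], "system-services": set(), "protocols": set()},
        )
        if match["iface"]:
            zone["interfaces"].append(match["iface"])
        else:
            zone[match["kind"]].add(match["item"])
    return zones


def audit_host_inbound(cli_text, external_zones=("untrust",)):
    """Return (zone, setting, interfaces) for each external zone opened with 'all'."""
    findings = []
    for name, zone in parse_zones(cli_text).items():
        if name not in external_zones:
            continue
        for kind in ("system-services", "protocols"):
            if "all" in zone[kind]:
                findings.append((name, kind, tuple(zone["interfaces"])))
    return findings


# The zone commands from Step 5, as typed at the prompt.
STEP5_COMMANDS = """
root@FW-A# set security zones security-zone untrust interfaces reth0.0
root@FW-A# set security zones security-zone untrust host-inbound-traffic system-services all
root@FW-A# set security zones security-zone untrust host-inbound-traffic protocols all
root@FW-A# set security zones security-zone trust interfaces reth1.0
root@FW-A# set security zones security-zone trust interfaces reth2.0
root@FW-A# set security zones security-zone trust host-inbound-traffic system-services all
root@FW-A# set security zones security-zone trust host-inbound-traffic protocols all
"""

# Constructed variant: the outside zone answers ping only, management stays on fxp0.
TIGHTENED_COMMANDS = """
set security zones security-zone untrust interfaces reth0.0
set security zones security-zone untrust host-inbound-traffic system-services ping
set security zones security-zone trust interfaces reth1.0
set security zones security-zone trust interfaces reth2.0
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
"""

if __name__ == "__main__":
    for zone, kind, interfaces in audit_host_inbound(STEP5_COMMANDS):
        print(f"{zone}: {kind} all is reachable on {', '.join(interfaces)}")
    print("tightened:", audit_host_inbound(TIGHTENED_COMMANDS))
```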
Step 6 Allow Remote Management
1. We have two interfaces dedicated to out of band management, and we gave them an IP address earlier. Here I’m allowing remote administration via web to the J-Web console.
[box]root@FW-A# set system services web-management https interface fxp0.0[/box]
Step 7 Perform NAT on ‘Outgoing’ traffic.
1. Here we are doing what Juniper call ‘Source NAT‘ where we translate many addresses to one, (as in this case, but it can be a ‘pool’ of IP addresses). For the Cisco heads (like me) we are doing PAT.
Note: If you see Juniper mention ‘Destination NAT‘ they are usually talking about NATTING inbound traffic to one (or more) internal IP addresses.
[box]set security nat source rule-set TRUST-TO-UNTRUST from zone trust
set security nat source rule-set TRUST-TO-UNTRUST to zone untrust
set security nat source rule-set TRUST-TO-UNTRUST rule PAT-INTERFACE match source-address 192.168.0.0/16
set security nat source rule-set TRUST-TO-UNTRUST rule PAT-INTERFACE match destination-address 0.0.0.0/0
set security nat source rule-set TRUST-TO-UNTRUST rule PAT-INTERFACE then source-nat interface[/box]
Before starting the hard drive must be formatted, refer to the PARTITIONING section for more details. You CAN format a partition that is ALREADY formatted to “wipe it clean”.
WARNING: Formatting a Partition that contains information will DESTROY that information.
This section deals with FAT32 formatting, this is required for operating systems like Windows 95/98/ME but can also be used by Windows 2000 and XP – The only time I would recommend using FAT32 for 2K and XP, is if you are dual booting your PC with two operating systems, and still want to see ALL the drive from either operating system.
Solution
Formatting a Partition
1. First ensure you have a Windows 98SE Bootdisk, you can download one, CLICK HERE
2. Boot the PC with your boot disk, ENSURE the boot order is set in the BIOS to boot from the floppy disk BEFORE the hard drive.
3. When the PC has booted simply type format c: {enter}.
4. You will get a warning that you are about to “Wipe” your drive and erase all the data. Press Y then {enter}.
5. The drive will now start formatting, depending on the drive size, this may take a while – time for a coffee :0)
6. The system will now create the File Allocation Table – This is like a “routemap” for your operating system so it can find all its files.
7. You will now be asked to enter a Volume Label, if you have a lot of partitions to do this is a good idea, i.e. Music, WorkStuff etc.
8. If you don’t want a Volume Label, just press {enter} I’m calling this one PETESDRIVE.
9. This will tell you some information about the drive, for example how big it is, this one is approx 4Gb. And that’s it finished.
This section assumes you have multiple partitions, and goes through the steps needed to remove them using FDISK
WARNING: Removing partitions DESTROYS all the data in those partitions, make sure you have a backup of your important information.
For this example the hard drive in question has a PRIMARY partition (approx 2Gb) and two LOGICAL DRIVES (each approx 1Gb) if I’ve just confused the hell out of you CLICK HERE
Solution
Deleting Partitions
1. First ensure you have a Windows 98SE Bootdisk, you can download one, CLICK HERE
2. Boot the PC with your boot disk, ENSURE the boot order is set in the BIOS to boot from the floppy disk BEFORE the hard drive.
3. To launch FDISK simply type fdisk {enter} at the command prompt, when the program launches press the Y key and {enter} to enable large drive support.
4. This is the main FDISK menu, as we are Deleting partitions we need to change the selection from the default [1] to [3] “Delete partition or logical DOS Drive” Press 3 then {enter}
5. Now remember the LOGICAL drives must be deleted FIRST so we need to select “Delete logical DOS Drive(s) in the Extended partition” Press 3 then {enter}
6. Now the system will display the logical drives, work your way BACKWARDS, the last drive letter here is E so simply push E then {enter}.
7. FDISK will ask you for the volume label – ours does not have one so we can simply press {enter} if yours does it will be listed above in the volume label column.
8. At this point you must confirm by pressing Y then {enter}
9. The default view will change to show you that E: drive has been deleted, and you can continue to delete the D: drive, simply press D then {enter}.
10. Again it will prompt for volume label (See step 8 above).
11. You will be asked to confirm press Y then {enter}.
12. You will now see the Logical drives are BOTH deleted, press Esc to exit.
13. At the confirmation page just press Esc.
14. Back at the main menu! Now the LOGICAL drives are gone you can delete the EXTENDED partition. Press 3 then {enter}.
15. To remove the EXTENDED partition press 2 then {enter}.
16. There is only one EXTENDED partition so press Y then {enter}.
17. More confirmation! Just Press Esc.
18. Now the EXTENDED Partition is gone you can remove the PRIMARY partition press 3 then {enter}.
19. Well we know we want the PRIMARY gone so press 1 then {enter}.
20. It’s the only one there :0) Press 1 then {enter}.
21. If you have a volume label enter it, if not press {enter}.
22. Press Y then {enter}.
23. Confirmation screen, just press Esc.
24. Nearly done! Press Esc.
25. Press Esc to exit FDISK, when you are back at command line press Ctrl+Alt+Del to reboot the PC. All your partitions are now removed.
Now you’re done you can either repartition the drive OR if you’re installing Windows 2000 or XP let it do it for you as part of the install process.
To set up simple partitioning (One Partition, one Drive Letter) CLICK HERE
To set up complex partitioning (multiple partitions, multiple drive letters) CLICK HERE
This section assumes you want multiple partitions, and goes through the steps needed to create them using FDISK.
For this example the hard drive in question will have a PRIMARY partition (approx 2Gb) and two LOGICAL DRIVES (each approx 1Gb) if I’ve just confused the hell out of you CLICK HERE
Solution
Creating Partitions
1. First ensure you have a Windows 98SE Bootdisk, you can download one, CLICK HERE
2. Boot the PC with your boot disk, ENSURE the boot order is set in the BIOS to boot from the floppy disk BEFORE the hard drive.
3. To launch FDISK simply type fdisk {enter} at the command prompt, when the program launches press the Y key and {enter} to enable large drive support.
4. This is the main FDISK menu, as we are creating partitions we need to create a DOS partition press 1 then {enter}.
5. Now remember that PRIMARY partitions MUST be created first so press 1 then {enter}.
6. FDISK does a drive check, just wait.
7. At this point we DON’T want the default setting or the PRIMARY partition would take up the whole drive, press N then {enter}.
8. FDISK does another drive check, just wait.
9. You need to type in the size (In Megabytes) that you want the PRIMARY partition to be, this is a 4 Gb drive so I’ve typed 2048 Mb (2Gb) then press {enter}.
10. This just confirms the partition was created, press Esc.
11. Now we are back at the main menu, we need to start creating an EXTENDED partition, so press 1 then {enter}.
12. EXTENDED partition is number two so press 2 then {enter}.
13. Yet another drive check, more waiting :0)
14. Now we want to use the rest of the drive for the EXTENDED partition and by default it will show us this value. Press {enter}.
15. Just a confirmation screen, we can see our nice new partitions now, press Esc.
16. Now because we’ve got an EXTENDED partition and no LOGICAL DRIVES, it gets us to create them by default, after another drive check of course :0)
17. Now by default it will try and use the whole EXTENDED partition, as we want two logical drives, we don’t want it to do this, so type in the size (In Megabytes) of the drive you want, in this case I’ve used 1024Mb (1Gb) then press {enter}.
18. And there she is! time for FDISK to do yet another drive check, just wait.
19. Now it wants us to use up the rest of the EXTENDED partition, if you want a LOT of LOGICAL DRIVES you can keep going, as we only want two just press {enter}.
20. OK there’s our two LOGICAL DRIVES and FDISK is telling us that we have used up all the EXTENDED partition, just press Esc.
21. Now the last thing we need to do is make the PRIMARY partition active (so you can boot from it) press 2 then {enter}.
22. There’s your PRIMARY partition at the top, so press 1 then {enter}.
23. Now FDISK tells us the partition is active, press Esc.
24. Back where we started :0) Press Esc.
25. Press Esc to exit FDISK, when you are back at command line press Ctrl+Alt+Del to reboot the PC. All your partitions are now created.
Once the PC has rebooted you can format each drive using the format c: command (substitute c for all your other drives). If you're going to install Windows 2000 or XP you won't need to do this, it can be done from the operating system setup.
You want to remove the partitions from your carved up hard drive.
Solution
Deleting a Partition
1. First ensure you have a Windows 98SE boot disk, you can download one, CLICK HERE
2. Boot the PC with your boot disk, ENSURE the boot order is set in the BIOS to boot from the floppy disk BEFORE the hard drive.
3. To launch FDISK simply type fdisk {enter} at the command prompt, when the program launches press the Y key and {enter} to enable large drive support.
4. This is the main FDISK menu, as we are Deleting a single partition we need to change the selection from the default [1] to [3] “Delete partition or logical DOS Drive”
5. Press 3 then {enter}
6. As there is only one partition leave the default setting of [1] and press {enter}
7. You will now see the partition displayed (In this case called partition 1) as this is the only partition it is selected by default, just press {enter}
8. You will now be asked to type in the “Volume Label”, this drive is blank so you can just hit {enter}. If yours has a label it will be shown in the volume label column (above).
9. You are asked to confirm (Last chance to change your mind :0)
10. Press Y then {enter} to confirm
11. This confirms the partition is deleted (You can now Exit FDISK if you do not want to create a partition, by pressing Esc) When you are back at command line press Ctrl+Alt+Esc to reboot the PC.
This page deals with “Simple Partitioning” though reference will be made to how newer operating systems use partitions.
Common Misconceptions
“All Partitions have a drive letter” NO
“All drive letters are a separate partition” NO
Solution
OK then! Take a hard drive, I will show it below as a “large block of space”
If you are only going to have one partition and it's going to be your only drive letter then you would simply put in a PRIMARY PARTITION and set it to ACTIVE (so it can be booted from). Once it has been formatted it will be the only drive (usually C:).
However if you want the hard drive to appear as multiple drive letters (c:, d: etc.) then you need to partition it differently. You will still need your primary partition but it WON'T fill up the entire drive space.
Now comes the confusing bit, if you want any more drives you need to create an EXTENDED partition. An extended partition will have NO drive letter assigned to it and cannot be formatted (Bear with me :0)
It is in the EXTENDED partition that you can create further drives. Create them one by one to fill up the extended partition – unless you want to leave some space for the future. Each of these drives is called a LOGICAL DRIVE, and when formatted each will have its own drive letter.
This system is used by operating systems like Windows 95/98/ME. Modern operating systems like Windows 2000 and XP can utilise up to 4 primary partitions, but let's keep things simple.
To set this up you would normally use the command line utility FDISK. Remember, partitions MUST be created in this order: Primary, Extended, then Logical. And if you're deleting partitions you MUST delete them in reverse order: Logical, Extended, then Primary.
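To see how that layout is stored on disk, here is an added example (not from the original article) that reads the partition table in sector 0 and then follows the chain of table sectors inside the extended partition to find each logical drive. The function names, the FAT32 type byte 0x0B, the start sector of 63 and the sample image are assumptions made for illustration; the sizes match the 2048 Mb primary and two 1024 Mb logical drives used in the walkthrough.

```python
import struct

MB = 2048                         # sectors per megabyte (512-byte sectors)
EXTENDED_TYPES = {0x05, 0x0F}     # type bytes marking an extended container

def entry(status, ptype, lba, count):
    """Pack one 16-byte table entry (CHS fields left zero in this sample)."""
    return struct.pack("<B3sB3sII", status, b"\0" * 3, ptype, b"\0" * 3, lba, count)

def table_sector(*entries):
    """Build a 512-byte sector: blank code area, 4-slot table, 55AA signature."""
    return b"\0" * 446 + b"".join(entries).ljust(64, b"\0") + b"\x55\xaa"

def read_table(sector):
    """Yield (status, type, lba, count) for each used slot in a table sector."""
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 55AA boot signature")
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from("<B3sB3sII", sector, 446 + 16 * i)
        if ptype:                  # type 0x00 means the slot is empty
            yield status, ptype, lba, count

def list_partitions(disk):
    """Read the MBR, then follow the EBR chain inside any extended partition."""
    found = []
    for status, ptype, lba, count in read_table(disk[0]):
        kind = "extended" if ptype in EXTENDED_TYPES else "primary"
        found.append({"kind": kind, "active": status == 0x80, "lba": lba, "mb": count // MB})
        ebr, seen = (lba if kind == "extended" else None), set()
        while ebr is not None and ebr not in seen:   # 'seen' stops a looping chain
            seen.add(ebr)
            nxt = None
            for _, t, rel, n in read_table(disk[ebr]):
                if t in EXTENDED_TYPES:
                    nxt = lba + rel    # link is relative to the extended start
                else:                  # logical drive is relative to its own EBR
                    found.append({"kind": "logical", "active": False, "lba": ebr + rel, "mb": n // MB})
            ebr = nxt
    return found

# Constructed sparse image {sector number: bytes}: 2048 MB primary, two 1024 MB logicals.
EXT = 63 + 2048 * MB
DISK = {
    0: table_sector(entry(0x80, 0x0B, 63, 2048 * MB), entry(0, 0x05, EXT, 2 * (63 + 1024 * MB))),
    EXT: table_sector(entry(0, 0x0B, 63, 1024 * MB), entry(0, 0x05, 63 + 1024 * MB, 63 + 1024 * MB)),
    EXT + 63 + 1024 * MB: table_sector(entry(0, 0x0B, 63, 1024 * MB)),
}
if __name__ == "__main__":
    print(*list_partitions(DISK), sep="\n")
```

The extended entry appears in the main table but holds no filesystem of its own, which is why it never gets a drive letter, and the logical drives only exist as links hanging off it, which is why they must be deleted before it.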
For a walkthrough on creating Primary partitions CLICK HERE
For a walkthrough on creating Primary/Extended Partitions, and Logical drives CLICK HERE
For a walkthrough on deleting Primary partitions CLICK HERE
For a walkthrough on deleting Primary/Extended Partitions, and Logical drives CLICK HERE