High Availability
FortiADC appliances can be deployed either as standalone units or within High Availability (HA) clusters.
Overview
In a FortiADC HA cluster, the configuration consists of a minimum of two and up to eight nodes, with each node representing an instance of the FortiADC appliance. The role of each node in traffic handling is dictated by the HA deployment mode. In both Active-Passive and Active-Active HA modes, the cluster elects a single Primary node, while the remaining nodes operate as Secondary. In an Active-Passive deployment, the Primary node exclusively processes all incoming traffic, with Secondary nodes in standby mode. In contrast, in an Active-Active cluster, all nodes concurrently process traffic, distributing the load across the cluster.
Regardless of the deployment mode, nodes continuously monitor each other's operational status via HA heartbeat messages, which are periodically transmitted across all nodes. If the Primary node fails, the HA cluster initiates its election mechanism, selecting a new Primary node from the pool of Secondary nodes to ensure high availability and prevent service disruption.
The election of the Primary node follows a hierarchical set of criteria:
- Link health — Nodes with failed monitor port links are marked as down.
- Remote IP monitor health — Assesses the status of remote IP health checks.
- Override setting — Prioritizes the configured priority setting over uptime.
- Port availability — The node with the highest number of available ports is preferred.
- Uptime — The node with the longest uptime is favored.
- Device priority — Nodes with a lower priority number take precedence (for example, priority 1 over priority 2).
- Serial number sorting — Serial numbers are evaluated character by character from left to right, with higher alphanumeric values (such as '9' and 'z') given precedence.
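The ordered criteria above can be modeled as a tuple comparison to predict which node takes over before a maintenance window or failover test. This is an added example, not FortiADC code: the Node fields, the function names and the sample cluster are constructed, and the handling of the override setting and of serial comparison are assumptions noted in the comments.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    serial: str         # constructed serials, not real devices
    link_ok: bool       # monitor port links healthy
    remote_ip_ok: bool  # remote IP monitor checks passing
    ports_up: int       # number of available ports
    uptime_s: int       # seconds since the node came up
    priority: int       # device priority, lower number wins


def election_key(node, override):
    """Tuple that compares greater for the preferred node."""
    prio = -node.priority  # negate so that a lower number ranks higher
    # Assumption: with override on, priority is compared before uptime.
    tail = (prio, node.uptime_s) if override else (node.uptime_s, prio)
    # Assumption: serials compare left to right by character code.
    return (node.remote_ip_ok, node.ports_up, *tail, node.serial)


def succession(nodes, override=False):
    """Serials in the order the nodes would take the Primary role."""
    # Nodes with failed monitor port links are marked down: not electable.
    up = [n for n in nodes if n.link_ok]
    ranked = sorted(up, key=lambda n: election_key(n, override), reverse=True)
    return [n.serial for n in ranked]


def elect_primary(nodes, override=False):
    order = succession(nodes, override)
    if not order:
        raise RuntimeError("no electable node: all monitor links are down")
    return order[0]


# Constructed three-node cluster.
NODES = [
    Node("EXAMPLE0001", True, True, 4, 9000, 5),
    Node("EXAMPLE0002", True, True, 4, 3000, 1),
    Node("EXAMPLE0003", False, True, 6, 99999, 1),  # monitor link failed
]

if __name__ == "__main__":
    print("override off:", elect_primary(NODES))
    print("override on: ", elect_primary(NODES, override=True))
```

With the sample cluster, the longest-running healthy node wins when override is off, and the node with the lowest priority number wins when override is on; the node with the failed monitor link is never elected despite having the most ports and uptime.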
Heartbeat monitoring forms the backbone of the failover mechanism in any HA mode. Each node sends periodic heartbeat packets to all other nodes within the cluster. If a node ceases to transmit heartbeat traffic, it is considered non-operational, triggering the failover sequence, which redistributes traffic to the remaining operational nodes to maintain continuity.
Full configuration synchronization in the HA cluster is controlled by the Configuration Source, a designated node responsible for replicating configuration settings across the cluster. During cluster initialization, full configuration synchronization is typically initiated from this node, propagating its configuration to other members, with exceptions defined by the configuration policies. Post-initialization, if session and persistence settings are enabled for HA, nodes continuously synchronize their session and persistence tables in real time. This ensures uniform session and persistence state information across the cluster, which is critical for enabling stateful failover and maintaining load balancing with minimal disruption during node transitions.
HA deployment modes
FortiADC offers three High Availability (HA) deployment modes, each optimized for different operational requirements and deployment scenarios. Select the HA mode that best aligns with your performance requirements and deployment capabilities.
Active-Passive (HA-AP)
In an Active-Passive HA configuration, a single Primary node processes all traffic and handles all data operations, while up to seven Secondary nodes remain in standby mode. If an HA-specific management IP is not configured, the Primary node's management IP address is the only one active, and administrative access is permitted only when this node is in the Primary role. During failover, if the Primary node becomes unavailable or requires maintenance, a Secondary node automatically assumes the Primary role, ensuring uninterrupted service and seamless transition. To manage a standby node, users must either connect through a console port or configure the Management Interface to access all nodes via the Management IP. HA-AP delivers a highly stable and straightforward deployment with minimal prerequisites, making it suitable for environments where high reliability and ease of management are essential.
For more information and detailed steps to deploy Active-Passive HA, see Deploying an Active-Passive cluster.
Active-Active (HA-AA)
In HA-AA mode, all nodes actively process traffic, distributing the load and ensuring high availability. This configuration requires a complex setup and strict adherence to specific deployment conditions to achieve optimal performance. It is designed for high-demand environments needing maximum performance and advanced load balancing capabilities. In an Active-Active cluster, each node has a unique IP address for all interfaces, including the management interface. When operating in standalone mode, the physical port IP address is active; in HA mode, the address assigned from the HA node IP list is used. Administrative access is available via the active management IP address for any node. This configuration supports robust performance and scalability, provided all ideal deployment conditions are met.
For more information and detailed steps to deploy Active-Active HA, see Deploying an Active-Active cluster.
Active-Active-VRRP (HA-VRRP)
HA-VRRP employs a VRRP-like protocol to enable concurrent traffic handling across all FortiADC nodes configured with multiple traffic groups, enhancing throughput and performance through effective load balancing and redundancy. This mode requires fewer deployment conditions than HA-AA, making it suitable for environments needing increased performance and active traffic management. In an Active-Active-VRRP cluster, FortiADC uses the Heartbeat Interface for internal node status communication and supports synchronization of the sessions, persistence, and image through both the Heartbeat Interface and Data Interface. Although the mode is named similarly, FortiADC does not implement the VRRP protocol and cannot interact with third-party VRRP devices; it still provides robust internal synchronization and management capabilities.
For more information and detailed steps to deploy Active-Active-VRRP HA, see Deploying an Active-Active-VRRP cluster.
HA system requirements
Ensure the following requirements are met to configure HA in FortiADC.
- Hardware and firmware consistency — All appliances must be of the same hardware model and run the identical firmware version.
- Redundant network topology — The network must be designed to handle node failures, with physical cabling and routes capable of redirecting traffic to the remaining member nodes.
- Physical ports for communication — Each HA appliance must have at least one physical port dedicated to heartbeat and data traffic between cluster members. For Active-Passive configurations, connect the ports directly with a crossover cable. For Active-Active clusters, connect the nodes using a shared Layer 2 switch.
- Heartbeat and synchronization traffic — Ensure that heartbeat and synchronization traffic between nodes is carried over the designated physical network ports. If switches are used, the interfaces must support Layer 2 multicast for proper communication. When applying Synchronization settings, configure the Heartbeat Interface (responsible for HA status communication) and the Data Interface (used for traffic forwarding) on separate physical ports to prevent potential conflicts and ensure optimal performance. Using distinct ports minimizes the risk of latency and packet loss, which could otherwise disrupt HA synchronization and impact data traffic.
- Licensing requirements — Each appliance must have a valid license. For FortiADC-VM, a paid license is required; trial licenses are not supported.
FortiADC-VM supports High Availability (HA). However, if you prefer not to utilize the native HA functionality, you can leverage your hypervisor or virtual machine environment manager to enhance availability. For instance, in VMware environments, you can utilize vMotion or VMware HA to manage virtual appliances across a hardware cluster, improving overall system resilience and uptime.
HA configuration and monitors
The following sections cover how to view and configure the settings required for HA.