Configuring HA settings

Before you begin:

  • You must have Read-Write permission to items in the System category.
  • Before you configure HA settings, familiarize yourself with how FortiDDoS High Availability works.
To configure HA settings:
  1. Go to System > High Availability.
  2. Complete the configuration as described in the table below.
  3. Save the configuration.

After you have saved the configuration, cluster members begin to send heartbeat traffic to each other. Members with the same Group ID join the cluster. They send synchronization traffic directly through the HA connection.

NOTE: If you change the HA Mode from Active-Passive to Standalone, HA settings will be reset to Default. Before you change to Standalone, take a screenshot or otherwise record the Active-Passive settings so you can restore them when you return to Active-Passive Mode.

High availability page

High availability settings

Settings / Guidelines

Configured HA Mode
  • Standalone
  • Active-passive

This setting should only be changed after other non-synchronized settings are complete, although this is not mandatory. See HA synchronization for settings that are not synchronized between devices. When changed to active-passive, all synchronized parameters on the Secondary device will be replaced with data from the primary device and made read-only. Non-synchronized parameters may be modified on the Secondary device, as required, while it is in Active-Passive mode.

Group Name
Name to identify the HA cluster if you have more than one. This setting is optional, and does not affect HA function. The maximum length is 35 characters (no special characters or spaces are allowed).

Device Priority
Number indicating priority of the member node when electing the cluster primary node. The smaller the number, the higher the priority. It is mandatory to set this correctly. The valid range is 0 to 9 and the default is 5.

Group ID
Number that identifies the HA cluster.

Nodes with the same group ID join the cluster. If you have more than one HA cluster on the same network, each cluster must have a different group ID.

The valid range is 0 to 63. The default is 0.

Detection Interval
Number of 100-millisecond intervals at which heartbeat packets are sent. This is also the interval at which a node expects to receive heartbeat packets. These numbers must match on Primary and Secondary.

The valid range is 1 to 20 (that is, between 100 and 2,000 milliseconds). The default is 2.

Heartbeat Lost Threshold
Number of times a node retries the heartbeat and waits to receive HA heartbeat packets from the other node before concluding the other node is down. The valid range is from 1 to 60. The default is 6.

Port
Mark the check boxes for the network interface to be used for port monitoring and heartbeat packets. Use the same port number for both systems. For example, if you select mgmt2 on the primary node, select mgmt2 as the heartbeat interface on the other node.

The standard practice is to use mgmt2 for port monitoring and heartbeat packets with a dedicated cable between the devices. However, the HA multicast traffic can share a management port that has an IP address for system GUI/CLI access. If not directly connected, ensure that the two HA ports/systems have Layer 2 multicast connectivity between them.

CLI commands:

config system ha
  set mode <standalone | active-passive>
  set group-name <group_name_str>
  set priority <priority_int>
  set group-id <group_id_integer>
  set hb-interval <hb_interval_int>
  set hb-lost-threshold <hb_lost_thresh_int>
  set hbdev <mgmt1 | mgmt2>
end
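
A pre-deployment check for the settings above, as an added example that is not Fortinet code: it parses the `config system ha` block from each node, applies the ranges and defaults given in the table, and reports settings that the guidelines say must match on both nodes. The sample configurations are constructed, the alphanumeric-only group name rule is a conservative reading of "no special characters", and the failure-detection time (interval x 100 ms x threshold) is an assumption derived from the two heartbeat definitions.

```python
import re

# Ranges and defaults as stated in the settings table on this page.
RANGES = {"priority": (0, 9), "group-id": (0, 63),
          "hb-interval": (1, 20), "hb-lost-threshold": (1, 60)}
DEFAULTS = {"priority": "5", "group-id": "0", "hb-interval": "2",
            "hb-lost-threshold": "6"}
MUST_MATCH = ("group-id", "hb-interval", "hbdev")  # per the table guidelines

def parse_ha(text):
    """Return the `set` pairs inside a `config system ha` block, plus defaults."""
    cfg, inside = dict(DEFAULTS), False
    for line in map(str.strip, text.splitlines()):
        if line == "config system ha":
            inside = True
        elif line == "end":
            inside = False
        elif inside and (m := re.fullmatch(r"set (\S+) (.+)", line)):
            cfg[m.group(1)] = m.group(2)
    return cfg

def check_pair(primary, secondary):
    """List range violations per node and settings that differ between nodes."""
    nodes = {"primary": parse_ha(primary), "secondary": parse_ha(secondary)}
    problems = []
    for name, cfg in nodes.items():
        for key, (lo, hi) in RANGES.items():
            if not (cfg[key].isdigit() and lo <= int(cfg[key]) <= hi):
                problems.append(f"{name}: {key}={cfg[key]} outside {lo}-{hi}")
        # Assumption: "no special characters" read as letters and digits only.
        if "group-name" in cfg and not re.fullmatch(r"[A-Za-z0-9]{1,35}", cfg["group-name"]):
            problems.append(f"{name}: group-name not 1-35 alphanumeric characters")
    for key in MUST_MATCH:
        a, b = nodes["primary"].get(key), nodes["secondary"].get(key)
        if a != b:
            problems.append(f"{key} differs: primary={a} secondary={b}")
    return problems

def detection_ms(cfg):
    """Assumed time to declare the peer down: interval x 100 ms x threshold."""
    return int(cfg["hb-interval"]) * 100 * int(cfg["hb-lost-threshold"])

# Constructed sample configurations (not taken from a real device).
PRIMARY = ("config system ha\nset mode active-passive\nset group-name ddosha1\n"
           "set priority 1\nset group-id 7\nset hbdev mgmt2\nend")
SECONDARY = PRIMARY.replace("set priority 1", "set priority 12\nset hb-interval 3")

if __name__ == "__main__":
    print(check_pair(PRIMARY, SECONDARY), detection_ms(parse_ha(PRIMARY)))
```
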
