Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

FortiGate-6000 Handbook

Device failure

If the primary FortiGate-6000 encounters a problem that is severe enough to cause it to fail, the secondary FortiGate-6000 becomes new primary FortiGate-6000. This occurs because the secondary FortiGate-6000 is constantly waiting to negotiate to become primary FortiGate-6000. Only the heartbeat packets sent by the primary FortiGate-6000 keep the secondary FortiGate-6000 from becoming the primary FortiGate-6000. Each received heartbeat packet resets a negotiation timer in the secondary FortiGate-6000. If this timer is allowed to run out because the secondary FortiGate-6000 does not receive heartbeat packets from the primary FortiGate-6000, the secondary FortiGate-6000 assumes that the primary FortiGate-6000 has failed and becomes the primary FortiGate-6000.

The new primary FortiGate-6000 will have the same MAC and IP addresses as the former primary FortiGate-6000. The new primary FortiGate-6000 then sends gratuitous ARP packets out all of its connected interfaces to inform attached switches to send traffic to the new primary FortiGate-6000. Sessions then resume with the new primary FortiGate-6000.

Device failure

If the primary FortiGate-6000 encounters a problem that is severe enough to cause it to fail, the secondary FortiGate-6000 becomes new primary FortiGate-6000. This occurs because the secondary FortiGate-6000 is constantly waiting to negotiate to become primary FortiGate-6000. Only the heartbeat packets sent by the primary FortiGate-6000 keep the secondary FortiGate-6000 from becoming the primary FortiGate-6000. Each received heartbeat packet resets a negotiation timer in the secondary FortiGate-6000. If this timer is allowed to run out because the secondary FortiGate-6000 does not receive heartbeat packets from the primary FortiGate-6000, the secondary FortiGate-6000 assumes that the primary FortiGate-6000 has failed and becomes the primary FortiGate-6000.

The new primary FortiGate-6000 will have the same MAC and IP addresses as the former primary FortiGate-6000. The new primary FortiGate-6000 then sends gratuitous ARP packets out all of its connected interfaces to inform attached switches to send traffic to the new primary FortiGate-6000. Sessions then resume with the new primary FortiGate-6000.