Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiGate-7000 Handbook

    Home FortiGate-7000 5.6.14 FortiGate-7000 Handbook
    5.6.14
    6.2.3
    6.0.10
    6.0.9
    6.0.8
    6.0.6
    6.0.4
    5.6.14
    5.6.12
    5.6.11
    5.6.7
    5.4.9

    FortiGate-7000 high availability

    FortiGate-7000 high availability

    FortiGate-7000 supports a variation of active-passive FortiGate Clustering Protocol (FGCP) high availability (HA) between two identical FortiGate-7000s. With active-passive FortiGate-7000 HA, you create redundant network connections to two identical FortiGate-7000s and add redundant HA heartbeat connections. Then you configure each FortiGate-7000 for HA.The FGCP forms a cluster and selects a primary FortiGate-7000. You can set device priorities and enable override to select the primary FortiGate-7000.

    Example FortiGate-7040 HA configuration

    The primary FortiGate-7000 processes all traffic. The secondary FortiGate-7000 operates in hot standby mode. The FGCP synchronizes the configuration, active sessions, routing information, and so on to the secondary FortiGate-7000. If the primary FortiGate-7000 fails, traffic automatically fails over to the secondary FortiGate-7000.

    New HA features and changes

    Configuring FortiGate-7000 HA has been simplified for FortiOS 5.6.6. To set up HA, you no longer have to configure HA settings for both of the FIMs in a FortiGate-7000. Instead, you configure HA settings on the primary FIM and this configuration is synchronized to the other FIM.

    As well, FortiGate-7000 HA is configured and operates more like standard FGCP HA. The link failure threshold concept that was part of FortiGate-7000 for FortiOS 5.4 has been removed and board failover tolerance has been simplified. As well, primary unit selection has been simplified to be more like FGCP primary unit selection.

    FortiOS 5.6.6 also includes the following new features and changes:

    • The System > HA GUI page now appears and can be used to configure most HA settings.
    • You can configure HA interface monitoring (or port monitoring) to detect link failures.
    • You can configure HA remote link failover (also called remote IP monitoring) to detect remote link failures using the following options:
      • Enable remote IP monitoring with the pingserver-monitor-interface option.
      • Set the remote IP monitoring failover threshold with the pingserver-failover-threshold option.
      • Force the cluster to negotiate after a remote IP monitoring failover with the pingserver-slave-force-reset option.
      • Adjust the time to wait in minutes before renegotiating after a remote IP monitoring failover with the pingserver-flip-timeout option.
    • You can use the get system ha status command to display HA status. The diagnose sys ha status command is no longer available.
    • The diagnose sys ha force-slave-state command is no longer available. To force the primary FortiGate-7000 into a secondary (or slave) state you can use the diagnose sys ha reset-uptime command.
    • The HA link-failure-threshold option has been removed.
    • The board-failover-tolerance option has been simplified and determines how the cluster responds to failed FIMs.
    Previous
    Next

    FortiGate-7000 high availability

    FortiGate-7000 high availability

    FortiGate-7000 supports a variation of active-passive FortiGate Clustering Protocol (FGCP) high availability (HA) between two identical FortiGate-7000s. With active-passive FortiGate-7000 HA, you create redundant network connections to two identical FortiGate-7000s and add redundant HA heartbeat connections. Then you configure each FortiGate-7000 for HA.The FGCP forms a cluster and selects a primary FortiGate-7000. You can set device priorities and enable override to select the primary FortiGate-7000.

    Example FortiGate-7040 HA configuration

    The primary FortiGate-7000 processes all traffic. The secondary FortiGate-7000 operates in hot standby mode. The FGCP synchronizes the configuration, active sessions, routing information, and so on to the secondary FortiGate-7000. If the primary FortiGate-7000 fails, traffic automatically fails over to the secondary FortiGate-7000.

    New HA features and changes

    Configuring FortiGate-7000 HA has been simplified for FortiOS 5.6.6. To set up HA, you no longer have to configure HA settings for both of the FIMs in a FortiGate-7000. Instead, you configure HA settings on the primary FIM and this configuration is synchronized to the other FIM.

    As well, FortiGate-7000 HA is configured and operates more like standard FGCP HA. The link failure threshold concept that was part of FortiGate-7000 for FortiOS 5.4 has been removed and board failover tolerance has been simplified. As well, primary unit selection has been simplified to be more like FGCP primary unit selection.

    FortiOS 5.6.6 also includes the following new features and changes:

    • The System > HA GUI page now appears and can be used to configure most HA settings.
    • You can configure HA interface monitoring (or port monitoring) to detect link failures.
    • You can configure HA remote link failover (also called remote IP monitoring) to detect remote link failures using the following options:
      • Enable remote IP monitoring with the pingserver-monitor-interface option.
      • Set the remote IP monitoring failover threshold with the pingserver-failover-threshold option.
      • Force the cluster to negotiate after a remote IP monitoring failover with the pingserver-slave-force-reset option.
      • Adjust the time to wait in minutes before renegotiating after a remote IP monitoring failover with the pingserver-flip-timeout option.
    • You can use the get system ha status command to display HA status. The diagnose sys ha status command is no longer available.
    • The diagnose sys ha force-slave-state command is no longer available. To force the primary FortiGate-7000 into a secondary (or slave) state you can use the diagnose sys ha reset-uptime command.
    • The HA link-failure-threshold option has been removed.
    • The board-failover-tolerance option has been simplified and determines how the cluster responds to failed FIMs.
    Previous
    Next