Link failover (port monitoring or interface monitoring)
Link failover means that if a monitored interface fails, the FortiGate-7000 cluster reorganizes to reestablish a link to the network that the monitored interface was connected to and to continue operating with minimal or no disruption of network traffic.
You configure monitored interfaces (also called interface monitoring or port monitoring) by selecting FIM front panel interfaces to monitor as part of the HA configuration.
You can monitor up to 64 interfaces. The FGCP synchronizes the interface monitoring configurations to both FortiGate-7000s in the cluster.
The interfaces that you can monitor appear on the HA GUI page Monitor Interfaces list. You can monitor any FIM interfaces including redundant interfaces and 802.3ad aggregate interfaces.
You cannot monitor the following types of interfaces (you cannot select these types of interfaces on the Monitor Interfaces list):
- VLAN subinterfaces.
- IPsec VPN interfaces.
- Individual physical interfaces that have been added to a redundant or 802.3ad aggregate interface.
You should only monitor interfaces that are connected to networks, because a failover may occur if you monitor an unconnected interface. For this reason, you should also wait until your FortiGate-7000 HA setup has been configured and connected and is operating as expected before enabling interface monitoring.
To enable interface monitoring
From the GUI, go to System > HA and add interfaces to the Monitor Interfaces list.
From the CLI, enter the following command to monitor the 1-B1/2 and 2-C1/10 interfaces:
config system ha
set monitor 1-B1/2 2-C1/10
end
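The eligibility rules above (no VLAN subinterfaces, no IPsec interfaces, no members of a redundant or aggregate interface, at most 64 interfaces, and only connected ports) can be checked before the command is entered. The following is an added example and not Fortinet code; the interface inventory, the check_monitor_list and monitor_cli helpers, and the interface names other than 1-B1/2 and 2-C1/10 are constructed for illustration.

```python
"""Pre-check a proposed FortiGate-7000 HA monitor list (added example, not Fortinet code).

The inventory below is constructed; real FIM port names follow the <slot>-<FIM><port>
style shown on the page (for example 1-B1/2).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MAX_MONITORED = 64  # limit stated on the page


@dataclass
class Interface:
    name: str
    kind: str                       # "physical", "aggregate", "redundant", "vlan", "ipsec"
    link_up: bool = True            # cabled and connected to a network
    member_of: Optional[str] = None  # parent aggregate/redundant interface, if any


def check_monitor_list(inventory: Dict[str, Interface],
                       selected: List[str]) -> Tuple[List[str], List[str]]:
    """Return (errors, warnings).

    Errors are selections the Monitor Interfaces list would not accept;
    warnings flag choices the page advises against (monitoring an unconnected port).
    """
    errors: List[str] = []
    warnings: List[str] = []
    if len(selected) > MAX_MONITORED:
        errors.append(f"{len(selected)} interfaces selected; at most {MAX_MONITORED} can be monitored")
    for name in selected:
        intf = inventory.get(name)
        if intf is None:
            errors.append(f"{name}: not a FIM front panel interface")
        elif intf.kind == "vlan":
            errors.append(f"{name}: VLAN subinterfaces cannot be monitored")
        elif intf.kind == "ipsec":
            errors.append(f"{name}: IPsec VPN interfaces cannot be monitored")
        elif intf.member_of is not None:
            errors.append(f"{name}: member of {intf.member_of}; monitor the aggregate instead")
        elif not intf.link_up:
            warnings.append(f"{name}: not connected; monitoring it may trigger a failover")
    return errors, warnings


def monitor_cli(selected: List[str]) -> str:
    """Render the 'config system ha' block from the page for the given interface list."""
    return "config system ha\n    set monitor " + " ".join(selected) + "\nend"


# Constructed inventory: two plain FIM ports, an aggregate built from two others,
# a VLAN on that aggregate, an uncabled port and an IPsec interface.
INVENTORY: Dict[str, Interface] = {
    "1-B1/2": Interface("1-B1/2", "physical"),
    "2-C1/10": Interface("2-C1/10", "physical"),
    "1-B1/3": Interface("1-B1/3", "physical", member_of="agg1"),
    "1-B1/4": Interface("1-B1/4", "physical", member_of="agg1"),
    "agg1": Interface("agg1", "aggregate"),
    "agg1.100": Interface("agg1.100", "vlan"),
    "2-C1/11": Interface("2-C1/11", "physical", link_up=False),
    "vpn-hq": Interface("vpn-hq", "ipsec"),
}

if __name__ == "__main__":
    proposed = ["1-B1/2", "2-C1/10", "1-B1/3", "agg1.100", "vpn-hq", "2-C1/11", "agg1"]
    errs, warns = check_monitor_list(INVENTORY, proposed)
    for line in errs:
        print("ERROR  ", line)
    for line in warns:
        print("WARNING", line)
    clean = [n for n in proposed if not any(e.startswith(n + ":") for e in errs)]
    print(monitor_cli(clean))
```

Only the selections that pass the checks are rendered into the set monitor command; warnings are left for the operator to decide on, since a port that is about to be cabled may legitimately be added in advance.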
With interface monitoring enabled, during FortiGate-7000 cluster operation, the cluster monitors each FIM in the cluster to determine if the monitored interfaces are operating and connected. Each FIM can detect a failure of its network interface hardware.
FIMs cannot determine if the switches that its interfaces are connected to are still connected to networks. However, you can use remote IP monitoring to make sure that the cluster unit can connect to downstream network devices. See Remote link failover.
If a monitored interface on the primary FortiGate-7000 fails
Because the primary FortiGate-7000 receives all traffic processed by the cluster, a FortiGate-7000 cluster can only process traffic from a network if the primary FortiGate-7000 can connect to it. So, if the link between a network and the primary FortiGate-7000 fails, to maintain communication with this network, the cluster must set the FortiGate-7000 that is still connected to this network to become the primary FortiGate-7000. Unless another link failure has occurred, the new primary FortiGate-7000 will have an active link to the network and will be able to maintain communication with it.
To support link failover, the FortiGate-7000s store link state information for all monitored interfaces in a link state database. If one of the monitored interfaces on one of the FortiGate-7000s becomes disconnected or fails, this information is immediately shared with the other FortiGate-7000 in the cluster.
If a monitored interface on the primary FortiGate-7000 fails, the cluster renegotiates to select the primary FortiGate-7000 using the process described in Primary FortiGate-7000 selection. Because the FortiGate-7000 with the failed monitored interface has the lowest monitor priority, the other FortiGate-7000 becomes the primary FortiGate-7000. The new primary FortiGate-7000 should have fewer link failures.
If a monitored interface on the secondary FortiGate-7000 fails
If a monitored interface on the secondary FortiGate-7000 fails, this information is shared with the primary FortiGate-7000. The cluster does not renegotiate. The secondary FortiGate-7000 with the failed monitored interface continues to function in the cluster.
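The two cases (a primary-side failure forces renegotiation, a secondary-side failure is only recorded) can be traced with a small model of the link state database. This is an added example, not Fortinet code: the Cluster class, the unit names fgt-A and fgt-B, and the events it records are constructed. Primary selection here uses only the count of connected monitored interfaces, and a tie keeps the current primary; that tie-break is an assumption, since the full Primary FortiGate-7000 selection process has further criteria the page does not list. What the cluster does when a failed link recovers is also outside the page's scope, so the model only updates the database in that case.

```python
"""Simplified model of FortiGate-7000 link failover (added example, not Fortinet code)."""
from typing import Dict, List


class Cluster:
    """Two-unit cluster sharing a link state database for its monitored interfaces."""

    def __init__(self, units: List[str], monitored: List[str]):
        self.monitored = monitored
        # link state database: unit -> monitored interface -> connected?
        self.links: Dict[str, Dict[str, bool]] = {u: {i: True for i in monitored} for u in units}
        self.primary = units[0]
        self.events: List[str] = []

    def connected_count(self, unit: str) -> int:
        """Monitor priority in this model: number of connected monitored interfaces."""
        return sum(1 for up in self.links[unit].values() if up)

    def renegotiate(self) -> str:
        """Pick the unit with the most connected monitored interfaces.

        On a tie the current primary keeps its role (assumption, see lead-in).
        """
        winner = max(self.links, key=lambda u: (self.connected_count(u), u == self.primary))
        if winner != self.primary:
            self.events.append(f"renegotiated: {winner} becomes primary (was {self.primary})")
            self.primary = winner
        else:
            self.events.append(f"renegotiated: {winner} remains primary")
        return self.primary

    def link_change(self, unit: str, intf: str, up: bool) -> str:
        """Record a link state change; the page says this is shared immediately."""
        if intf not in self.monitored:
            self.events.append(f"{unit} {intf}: not monitored, ignored")
            return self.primary
        self.links[unit][intf] = up
        if up:
            self.events.append(f"{unit} {intf} up: database updated")
            return self.primary
        if unit == self.primary:
            self.events.append(f"{unit} {intf} down on primary: renegotiating")
            return self.renegotiate()
        self.events.append(f"{unit} {intf} down on secondary: no renegotiation")
        return self.primary


if __name__ == "__main__":
    # Constructed scenario using the two interfaces from the page's CLI example.
    c = Cluster(["fgt-A", "fgt-B"], ["1-B1/2", "2-C1/10"])
    c.link_change("fgt-B", "1-B1/2", False)   # secondary failure: fgt-A stays primary
    c.link_change("fgt-B", "1-B1/2", True)
    c.link_change("fgt-A", "2-C1/10", False)  # primary failure: fgt-B has more links
    c.link_change("fgt-B", "1-B1/2", False)   # now 1 vs 1: tie, fgt-B stays
    for line in c.events:
        print(line)
    print("primary:", c.primary)
```

The last step in the scenario is the "unless another link failure has occurred" caveat from the text: once both units have one failed monitored interface, a further failure on the new primary no longer produces a unit with a clearly better link count.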