FortiGate-7000F Handbook

Remote link failover

Remote link failover (also called remote IP monitoring) is similar to interface monitoring and link health monitoring (also known as dead gateway detection). Remote IP monitoring uses link health monitors to test connectivity between the primary FortiGate-7000F and remote network devices such as a downstream router. Remote IP monitoring causes a failover if one or more of these remote IP addresses does not respond to link health checking.

In the simplified example topology shown above, the switch connected directly to the primary FortiGate-7000F is operating normally but the link on the other side of the switches fails. As a result, traffic can no longer flow between the primary FortiGate-7000F and the Internet.

This section highlights some aspects of primary FortiGate-7000F remote link failover. For more details about how this works, see Remote link failover.

Configuring remote IP monitoring

Enter the following command to enable HA remote IP monitoring on the 1-P3 interface:

    config system ha
        set pingserver-monitor-interface 1-P3
        set pingserver-failover-threshold 5
        set pingserver-flip-timeout 120
    end

Keep the pingserver-failover-threshold set to the default value of 5. This means a failover occurs if the link health monitor doesn’t get a response after 5 attempts.

Set the pingserver-flip-timeout to 120 minutes. After a failover, if HA remote IP monitoring on the new primary unit also causes a failover, the flip timeout prevents the failover from occurring until the timer runs out. Setting the pingserver-flip-timeout to 120 means that remote IP monitoring can only cause a failover every 120 minutes. This flip timeout is required to prevent repeating failovers if remote IP monitoring causes a failover from all cluster units because none of the cluster units can connect to the monitored IP addresses.

Enter the following command to add a link health monitor for the 1-P3 interface and to set HA remote IP monitoring priority for this link health monitor.

    config system link-monitor
        edit ha-link-monitor
            set server 192.168.20.20
            set srcintf 1-P3
            set ha-priority 1
            set interval 5
            set failtime 2
    end

The server option sets the remote IP address to monitor to 192.168.20.20.

Leave the ha-priority keyword set to the default value of 1. You only need to change this priority if you change the HA pingserver-failover-threshold. The ha-priority setting is not synchronized among the FortiGate-7000s in the HA configuration.

Note: The ha-priority setting is not synchronized. If you want to change the ha-priority setting, you must change it separately on each FortiGate-7000. Otherwise it will remain set to the default value of 1.

Use the interval option to set the time between link health checks and use the failtime keyword to set the number of times that a health check can fail before a failure is detected (the failover threshold). The example reduces the failover threshold to 2 but keeps the health check interval at the default value of 5.
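Two points from this section can be checked offline against config backups taken from each cluster unit: the link health monitor is added for the interface named in pingserver-monitor-interface, and ha-priority is not synchronized, so it can differ between units. The following Python check is an added example, not Fortinet code; the unit names and config excerpts are constructed, and the parser assumes flat config/edit/set/next/end blocks.

```python
import shlex

# Constructed config excerpts for two cluster units (not from a real device).
UNIT_A = """
config system ha
    set pingserver-monitor-interface "1-P3"
end
config system link-monitor
    edit "ha-link-monitor"
        set server "192.168.20.20"
        set srcintf "port2"
        set ha-priority 1
    next
end
"""
# Unit B: srcintf matches the monitored interface, ha-priority changed locally.
UNIT_B = UNIT_A.replace('"port2"', '"1-P3"').replace("ha-priority 1", "ha-priority 5")

def parse(text):
    """Flat parser: {section: {entry name or None: {key: [values]}}}."""
    cfg, section, entry = {}, None, None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            section, entry = " ".join(tok[1:]), None
        elif tok[0] == "edit":
            entry = tok[1]
        elif tok[0] == "set" and section:
            cfg.setdefault(section, {}).setdefault(entry, {})[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            entry = None
            section = None if tok[0] == "end" else section
    return cfg

def audit(units):
    """units: {unit name: config text}. Returns a list of findings."""
    findings, prios = [], {}
    for unit, text in units.items():
        cfg = parse(text)
        monitors = cfg.get("system link-monitor", {})
        covered = {i for m in monitors.values() for i in m.get("srcintf", [])}
        ha = cfg.get("system ha", {}).get(None, {})
        for intf in ha.get("pingserver-monitor-interface", []):
            if intf not in covered:
                findings.append(f"{unit}: no link-monitor uses srcintf {intf}")
        for name, m in monitors.items():  # ha-priority defaults to 1 if absent
            prios.setdefault(name, {})[unit] = m.get("ha-priority", ["1"])[0]
    for name, per_unit in prios.items():
        if len(set(per_unit.values())) > 1:
            findings.append(f"{name}: ha-priority differs: {per_unit}")
    return findings
```

Calling `audit({"unit-a": UNIT_A, "unit-b": UNIT_B})` reports the monitored interface with no matching link monitor on unit-a and the ha-priority mismatch between the two units.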
