Failover protection
The FortiGate Clustering Protocol (FGCP) provides failover protection, meaning that a cluster can provide FortiGate services even when one of the devices in the cluster encounters a problem that would result in the complete loss of connectivity for a stand-alone FortiGate unit. Failover protection provides a backup mechanism that can be used to reduce the risk of unexpected downtime, especially in mission-critical environments.
FGCP supports failover protection in three ways:
- Link failover maintains traffic flow if a link fails.
- If a device loses power, it automatically fails over to a backup unit with minimal impact on the network.
- Optionally, if an SSD fails, it can automatically fail over to a backup unit.
When session-pickup is enabled in the HA settings, existing TCP session are kept, and users on the network are not impacted by downtime as the traffic can be passed without reestablishing the sessions.
When and how the failover happens
1. Link fails
Before triggering a failover when a link fails, the administrator must ensure that monitor interfaces are configured. Normally, the internal interface that connects to the internal network, and an outgoing interface for traffic to the internet or outside the network, should be monitored. Any of those links going down will trigger a failover.
2. Loss of power for active unit.
When an active (primary) unit loses power, a backup (secondary) unit automatically becomes the primary, and the impact on traffic is minimal. There are no settings for this kind of fail over.
3. SSD failure
HA failover can be triggered by an SSD failure.
To enable an SSD failure triggering HA fail over:
config system ha set ssd-failover enable end