config system ha
Configure HA.
config system ha Description: Configure HA. set arps {integer} set arps-interval {integer} set authentication [enable|disable] set cpu-threshold {user} set encryption [enable|disable] set frup [enable|disable] config frup-settings Description: FRUP settings set active-interface <name1>, <name2>, ... set backup-interface <name1>, <name2>, ... set active-switch-port {option1}, {option2}, ... end set ftp-proxy-threshold {user} set gratuitous-arps [enable|disable] set group-id {integer} set group-name {string} set ha-direct [enable|disable] set ha-eth-type {string} config ha-mgmt-interfaces Description: Reserve interfaces to manage individual cluster units. edit <id> set interface {string} set dst {ipv4-classnet} set gateway {ipv4-address} set gateway6 {ipv6-address} next end set ha-mgmt-status [enable|disable] set ha-uptime-diff-margin {integer} set hb-interval {integer} set hb-lost-threshold {integer} set hbdev {user} set hc-eth-type {string} set hello-holddown {integer} set http-proxy-threshold {user} set imap-proxy-threshold {user} set inter-cluster-session-sync [enable|disable] set key {password} set l2ep-eth-type {string} set link-failed-signal [enable|disable] set load-balance-all [enable|disable] set logical-sn [enable|disable] set memory-compatible-mode [enable|disable] set memory-threshold {user} set minimum-worker-threshold {integer} set mode [standalone|a-a|...] set monitor {user} set multicast-ttl {integer} set nntp-proxy-threshold {user} set override [enable|disable] set override-wait-time {integer} set password {password} set pingserver-failover-threshold {integer} set pingserver-flip-timeout {integer} set pingserver-monitor-interface {user} set pingserver-slave-force-reset [enable|disable] set pop3-proxy-threshold {user} set priority {integer} set route-hold {integer} set route-ttl {integer} set route-wait {integer} set schedule [none|hub|...] config secondary-vcluster Description: Configure virtual cluster 2. set vcluster-id {integer} set override [enable|disable] set priority {integer} set override-wait-time {integer} set monitor {user} set pingserver-monitor-interface {user} set pingserver-failover-threshold {integer} set pingserver-slave-force-reset [enable|disable] set vdom {user} end set session-pickup [enable|disable] set session-pickup-connectionless [enable|disable] set session-pickup-delay [enable|disable] set session-pickup-expectation [enable|disable] set session-pickup-nat [enable|disable] set session-sync-dev {user} set slave-switch-standby [enable|disable] set smtp-proxy-threshold {user} set ssd-failover [enable|disable] set standalone-config-sync [enable|disable] set standalone-mgmt-vdom [enable|disable] set sync-config [enable|disable] set sync-packet-balance [enable|disable] set unicast-hb [enable|disable] set unicast-hb-netmask {ipv4-netmask} set unicast-hb-peerip {ipv4-address} set uninterruptible-upgrade [enable|disable] set vcluster-id {integer} set vcluster2 [enable|disable] set vdom {user} set weight {user} end
config system ha
Parameter |
Description |
Type |
Size |
|||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
arps |
Number of gratuitous ARPs. Lower to reduce traffic. Higher to reduce failover time. |
integer |
Minimum value: 1 Maximum value: 60 |
|||||||||||||||||||
arps-interval |
Time between gratuitous ARPs . Lower to reduce failover time. Higher to reduce traffic. |
integer |
Minimum value: 1 Maximum value: 20 |
|||||||||||||||||||
authentication |
Enable/disable heartbeat message authentication. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
cpu-threshold |
Dynamic weighted load balancing CPU usage weight and high and low thresholds. |
user |
Not Specified |
|||||||||||||||||||
encryption |
Enable/disable heartbeat message encryption. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
frup * |
Enable/disable Fortinet Redundant UTM Protocol |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
ftp-proxy-threshold |
Dynamic weighted load balancing weight and high and low number of FTP proxy sessions. |
user |
Not Specified |
|||||||||||||||||||
gratuitous-arps |
Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
group-id |
Cluster group ID . Must be the same for all members. |
integer |
Minimum value: 0 Maximum value: 255 |
|||||||||||||||||||
group-name |
Cluster group name. Must be the same for all members. |
string |
Maximum length: 32 |
|||||||||||||||||||
ha-direct |
Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, and FortiSandbox. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
ha-eth-type |
HA heartbeat packet Ethertype (4-digit hex). |
string |
Maximum length: 4 |
|||||||||||||||||||
ha-mgmt-status |
Enable to reserve interfaces to manage individual cluster units. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
ha-uptime-diff-margin |
Normally you would only reduce this value for failover testing. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||||||||||||
hb-interval |
Time between sending heartbeat packets. Increase to reduce false positives. |
integer |
Minimum value: 1 Maximum value: 20 |
|||||||||||||||||||
hb-lost-threshold |
Number of lost heartbeats to signal a failure. Increase to reduce false positives. |
integer |
Minimum value: 1 Maximum value: 60 |
|||||||||||||||||||
hbdev |
Heartbeat interfaces. Must be the same for all members. Enter <interface> <priority> pairs to specify the priority of each heartbeat interface. Higher priority takes precedence. |
user |
Not Specified |
|||||||||||||||||||
hc-eth-type |
Transparent mode HA heartbeat packet Ethertype (4-digit hex). |
string |
Maximum length: 4 |
|||||||||||||||||||
hello-holddown |
Time to wait before changing from hello to work state. |
integer |
Minimum value: 5 Maximum value: 300 |
|||||||||||||||||||
http-proxy-threshold |
Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions. |
user |
Not Specified |
|||||||||||||||||||
imap-proxy-threshold |
Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions. |
user |
Not Specified |
|||||||||||||||||||
inter-cluster-session-sync |
Enable/disable synchronization of sessions among HA clusters. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
key |
key |
password |
Not Specified |
|||||||||||||||||||
l2ep-eth-type |
Telnet session HA heartbeat packet Ethertype (4-digit hex). |
string |
Maximum length: 4 |
|||||||||||||||||||
link-failed-signal |
Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
load-balance-all |
Enable to load balance TCP sessions. Disable to load balance proxy sessions only. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
logical-sn |
Enable/disable usage of the logical serial number. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
memory-compatible-mode |
Enable/disable memory compatible mode. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
memory-threshold |
Dynamic weighted load balancing memory usage weight and high and low thresholds. |
user |
Not Specified |
|||||||||||||||||||
minimum-worker-threshold * |
The minimum number of operating workers to cause a content clustering chassis failover. |
integer |
Minimum value: 1 Maximum value: 11 |
|||||||||||||||||||
mode |
HA mode. Must be the same for all members. FGSP requires standalone. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
monitor |
Interfaces to check for port monitoring (or link failure). |
user |
Not Specified |
|||||||||||||||||||
multicast-ttl |
HA multicast TTL on master. |
integer |
Minimum value: 5 Maximum value: 3600 |
|||||||||||||||||||
nntp-proxy-threshold |
Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions. |
user |
Not Specified |
|||||||||||||||||||
override |
Enable and increase the priority of the unit that should always be primary (master). |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
override-wait-time |
Delay negotiating if override is enabled. Reduces how often the cluster negotiates. |
integer |
Minimum value: 0 Maximum value: 3600 |
|||||||||||||||||||
password |
Cluster password. Must be the same for all members. |
password |
Not Specified |
|||||||||||||||||||
pingserver-failover-threshold |
Remote IP monitoring failover threshold. |
integer |
Minimum value: 0 Maximum value: 50 |
|||||||||||||||||||
pingserver-flip-timeout |
Time to wait in minutes before renegotiating after a remote IP monitoring failover. |
integer |
Minimum value: 6 Maximum value: 2147483647 |
|||||||||||||||||||
pingserver-monitor-interface |
Interfaces to check for remote IP monitoring. |
user |
Not Specified |
|||||||||||||||||||
pingserver-slave-force-reset |
Enable to force the cluster to negotiate after a remote IP monitoring failover. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
pop3-proxy-threshold |
Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions. |
user |
Not Specified |
|||||||||||||||||||
priority |
Increase the priority to select the primary unit. |
integer |
Minimum value: 0 Maximum value: 255 |
|||||||||||||||||||
route-hold |
Time to wait between routing table updates to the cluster. |
integer |
Minimum value: 0 Maximum value: 3600 |
|||||||||||||||||||
route-ttl |
TTL for primary unit routes. Increase to maintain active routes during failover. |
integer |
Minimum value: 5 Maximum value: 3600 |
|||||||||||||||||||
route-wait |
Time to wait before sending new routes to the cluster. |
integer |
Minimum value: 0 Maximum value: 3600 |
|||||||||||||||||||
schedule |
Type of A-A load balancing. Use none if you have external load balancers. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
session-pickup |
Enable/disable session pickup. Enabling it can reduce session down time when fail over happens. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
session-pickup-connectionless |
Enable/disable UDP and ICMP session sync. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
session-pickup-delay |
Enable to sync sessions longer than 30 sec. Only longer lived sessions need to be synced. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
session-pickup-expectation |
Enable/disable session helper expectation session sync for FGSP. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
session-pickup-nat |
Enable/disable NAT session sync for FGSP. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
session-sync-dev |
Offload session-sync process to kernel and sync sessions using connected interface(s) directly. |
user |
Not Specified |
|||||||||||||||||||
slave-switch-standby * |
Enable to force content clustering subordinate unit standby mode. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
smtp-proxy-threshold |
Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions. |
user |
Not Specified |
|||||||||||||||||||
ssd-failover |
Enable/disable automatic HA failover on SSD disk failure. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
standalone-config-sync |
Enable/disable FGSP configuration synchronization. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
standalone-mgmt-vdom |
Enable/disable standalone management VDOM. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
sync-config |
Enable/disable configuration synchronization. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
sync-packet-balance |
Enable/disable HA packet distribution to multiple CPUs. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
unicast-hb * |
Enable/disable unicast heartbeat. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
unicast-hb-netmask * |
Unicast heartbeat netmask. |
ipv4-netmask |
Not Specified |
|||||||||||||||||||
unicast-hb-peerip * |
Unicast heartbeat peer IP. |
ipv4-address |
Not Specified |
|||||||||||||||||||
uninterruptible-upgrade |
Enable to upgrade a cluster without blocking network traffic. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
vcluster-id |
Cluster ID. |
integer |
Minimum value: 0 Maximum value: 255 |
|||||||||||||||||||
vcluster2 |
Enable/disable virtual cluster 2 for virtual clustering. |
option |
- |
|||||||||||||||||||
|
|
|||||||||||||||||||||
vdom |
VDOMs in virtual cluster 1. |
user |
Not Specified |
|||||||||||||||||||
weight |
Weight-round-robin weight for each cluster unit. Syntax <priority> <weight>. |
user |
Not Specified |
* This parameter may not exist in some models.
config frup-settings
Parameter |
Description |
Type |
Size |
|||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
active-interface |
FRUP active interface Interface name. |
string |
Maximum length: 15 |
|||||||||||||||||||||||||||||||||||
backup-interface |
FRUP backup interface Interface name. |
string |
Maximum length: 15 |
|||||||||||||||||||||||||||||||||||
active-switch-port |
FRUP active switch port list |
option |
- |
|||||||||||||||||||||||||||||||||||
|
|
config ha-mgmt-interfaces
Parameter |
Description |
Type |
Size |
---|---|---|---|
id |
Table ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
interface |
Interface to reserve for HA management. |
string |
Maximum length: 15 |
dst |
Default route destination for reserved HA management interface. |
ipv4-classnet |
Not Specified |
gateway |
Default route gateway for reserved HA management interface. |
ipv4-address |
Not Specified |
gateway6 |
Default IPv6 gateway for reserved HA management interface. |
ipv6-address |
Not Specified |
config secondary-vcluster
Parameter |
Description |
Type |
Size |
|||||||
---|---|---|---|---|---|---|---|---|---|---|
vcluster-id |
Cluster ID. |
integer |
Minimum value: 0 Maximum value: 255 |
|||||||
override |
Enable and increase the priority of the unit that should always be primary (master). |
option |
- |
|||||||
|
|
|||||||||
priority |
Increase the priority to select the primary unit. |
integer |
Minimum value: 0 Maximum value: 255 |
|||||||
override-wait-time |
Delay negotiating if override is enabled. Reduces how often the cluster negotiates. |
integer |
Minimum value: 0 Maximum value: 3600 |
|||||||
monitor |
Interfaces to check for port monitoring (or link failure). |
user |
Not Specified |
|||||||
pingserver-monitor-interface |
Interfaces to check for remote IP monitoring. |
user |
Not Specified |
|||||||
pingserver-failover-threshold |
Remote IP monitoring failover threshold. |
integer |
Minimum value: 0 Maximum value: 50 |
|||||||
pingserver-slave-force-reset |
Enable to force the cluster to negotiate after a remote IP monitoring failover. |
option |
- |
|||||||
|
|
|||||||||
vdom |
VDOMs in virtual cluster 2. |
user |
Not Specified |