config system ha
Configure HA.
config system ha
Description: Configure HA.
set arps {integer}
set arps-interval {integer}
set authentication [enable|disable]
set cpu-threshold {user}
set encryption [enable|disable]
set failover-hold-time {integer}
set ftp-proxy-threshold {user}
set gratuitous-arps [enable|disable]
set group-id {integer}
set group-name {string}
set ha-direct [enable|disable]
set ha-eth-type {string}
config ha-mgmt-interfaces
Description: Reserve interfaces to manage individual cluster units.
edit <id>
set interface {string}
set dst {ipv4-classnet}
set gateway {ipv4-address}
set gateway6 {ipv6-address}
next
end
set ha-mgmt-status [enable|disable]
set ha-uptime-diff-margin {integer}
set hb-interval {integer}
set hb-interval-in-milliseconds [100ms|10ms]
set hb-lost-threshold {integer}
set hbdev {user}
set hc-eth-type {string}
set hello-holddown {integer}
set http-proxy-threshold {user}
set imap-proxy-threshold {user}
set key {password}
set l2ep-eth-type {string}
set link-failed-signal [enable|disable]
set load-balance-all [enable|disable]
set logical-sn [enable|disable]
set memory-based-failover [enable|disable]
set memory-compatible-mode [enable|disable]
set memory-failover-flip-timeout {integer}
set memory-failover-monitor-period {integer}
set memory-failover-sample-rate {integer}
set memory-failover-threshold {integer}
set memory-threshold {user}
set mode [standalone|a-a|...]
set monitor {user}
set multicast-ttl {integer}
set nntp-proxy-threshold {user}
set override [enable|disable]
set override-wait-time {integer}
set password {password}
set pingserver-failover-threshold {integer}
set pingserver-flip-timeout {integer}
set pingserver-monitor-interface {user}
set pingserver-secondary-force-reset [enable|disable]
set pop3-proxy-threshold {user}
set priority {integer}
set route-hold {integer}
set route-ttl {integer}
set route-wait {integer}
set schedule [none|leastconnection|...]
set session-pickup [enable|disable]
set session-pickup-connectionless [enable|disable]
set session-pickup-delay [enable|disable]
set session-pickup-expectation [enable|disable]
set session-pickup-nat [enable|disable]
set session-sync-dev {user}
set smtp-proxy-threshold {user}
set ssd-failover [enable|disable]
set standalone-config-sync [enable|disable]
set standalone-mgmt-vdom [enable|disable]
set sync-config [enable|disable]
set sync-packet-balance [enable|disable]
set unicast-gateway {ipv4-address}
set unicast-hb [enable|disable]
set unicast-hb-netmask {ipv4-netmask}
set unicast-hb-peerip {ipv4-address}
config unicast-peers
Description: Number of unicast peers.
edit <id>
set peer-ip {ipv4-address}
next
end
set unicast-status [enable|disable]
set uninterruptible-primary-wait {integer}
set uninterruptible-upgrade [enable|disable]
config vcluster
Description: Virtual cluster table.
edit <vcluster-id>
set override [enable|disable]
set priority {integer}
set override-wait-time {integer}
set monitor {user}
set pingserver-monitor-interface {user}
set pingserver-failover-threshold {integer}
set pingserver-secondary-force-reset [enable|disable]
set vdom <name1>, <name2>, ...
next
end
set vcluster-status [enable|disable]
set weight {user}
end
config system ha
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
arps |
Number of gratuitous ARPs. Lower to reduce traffic. Higher to reduce failover time. |
integer |
Minimum value: 1 Maximum value: 60 |
5 |
||||||||
|
arps-interval |
Time between gratuitous ARPs . Lower to reduce failover time. Higher to reduce traffic. |
integer |
Minimum value: 1 Maximum value: 20 |
8 |
||||||||
|
authentication |
Enable/disable heartbeat message authentication. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
cpu-threshold |
Dynamic weighted load balancing CPU usage weight and high and low thresholds. |
user |
Not Specified |
|
||||||||
|
encryption |
Enable/disable heartbeat message encryption. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
failover-hold-time |
Time to wait before failover , to avoid flip. |
integer |
Minimum value: 0 Maximum value: 300 |
0 |
||||||||
|
ftp-proxy-threshold |
Dynamic weighted load balancing weight and high and low number of FTP proxy sessions. |
user |
Not Specified |
|
||||||||
|
gratuitous-arps |
Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
group-id |
HA group ID . Must be the same for all members. |
integer |
Minimum value: 0 Maximum value: 1023 |
0 |
||||||||
|
group-name |
Cluster group name. Must be the same for all members. |
string |
Maximum length: 32 |
|
||||||||
|
ha-direct |
Enable/disable using ha-mgmt interface for syslog, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox, sFlow, and Netflow. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
ha-eth-type |
HA heartbeat packet Ethertype (4-digit hex). |
string |
Maximum length: 4 |
8890 |
||||||||
|
ha-mgmt-status |
Enable to reserve interfaces to manage individual cluster units. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
ha-uptime-diff-margin |
Normally you would only reduce this value for failover testing. |
integer |
Minimum value: 1 Maximum value: 65535 |
300 |
||||||||
|
hb-interval |
Time between sending heartbeat packets. Increase to reduce false positives. |
integer |
Minimum value: 1 Maximum value: 20 |
2 |
||||||||
|
hb-interval-in-milliseconds |
Number of milliseconds for each heartbeat interval: 100ms or 10ms. |
option |
- |
100ms |
||||||||
|
|
|
|||||||||||
|
hb-lost-threshold |
Number of lost heartbeats to signal a failure. Increase to reduce false positives. |
integer |
Minimum value: 1 Maximum value: 60 |
6 ** |
||||||||
|
hbdev |
Heartbeat interfaces. Must be the same for all members. Enter <interface> <priority> pairs to specify the priority of each heartbeat interface. Higher priority takes precedence. |
user |
Not Specified |
|
||||||||
|
hc-eth-type |
Transparent mode HA heartbeat packet Ethertype (4-digit hex). |
string |
Maximum length: 4 |
8891 |
||||||||
|
hello-holddown |
Time to wait before changing from hello to work state. |
integer |
Minimum value: 5 Maximum value: 300 |
20 |
||||||||
|
http-proxy-threshold |
Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions. |
user |
Not Specified |
|
||||||||
|
imap-proxy-threshold |
Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions. |
user |
Not Specified |
|
||||||||
|
key |
Key. |
password |
Not Specified |
|
||||||||
|
l2ep-eth-type |
Telnet session HA heartbeat packet Ethertype (4-digit hex). |
string |
Maximum length: 4 |
8893 |
||||||||
|
link-failed-signal |
Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
load-balance-all |
Enable to load balance TCP sessions. Disable to load balance proxy sessions only. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
logical-sn |
Enable/disable usage of the logical serial number. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
memory-based-failover |
Enable/disable memory based failover. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
memory-compatible-mode |
Enable/disable memory compatible mode. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
memory-failover-flip-timeout |
Time to wait between subsequent memory based failovers in minutes. |
integer |
Minimum value: 6 Maximum value: 2147483647 |
6 |
||||||||
|
memory-failover-monitor-period |
Duration of high memory usage before memory based failover is triggered in seconds. |
integer |
Minimum value: 1 Maximum value: 300 |
60 |
||||||||
|
memory-failover-sample-rate |
Rate at which memory usage is sampled in order to measure memory usage in seconds. |
integer |
Minimum value: 1 Maximum value: 60 |
1 |
||||||||
|
memory-failover-threshold |
Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global). |
integer |
Minimum value: 0 Maximum value: 95 |
0 |
||||||||
|
memory-threshold |
Dynamic weighted load balancing memory usage weight and high and low thresholds. |
user |
Not Specified |
|
||||||||
|
mode |
HA mode. Must be the same for all members. FGSP requires standalone. |
option |
- |
standalone |
||||||||
|
|
|
|||||||||||
|
monitor |
Interfaces to check for port monitoring (or link failure). |
user |
Not Specified |
|
||||||||
|
multicast-ttl |
HA multicast TTL on primary. |
integer |
Minimum value: 5 Maximum value: 3600 |
600 |
||||||||
|
nntp-proxy-threshold |
Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions. |
user |
Not Specified |
|
||||||||
|
override |
Enable and increase the priority of the unit that should always be primary (master). |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
override-wait-time |
Delay negotiating if override is enabled. Reduces how often the cluster negotiates. |
integer |
Minimum value: 0 Maximum value: 3600 |
0 |
||||||||
|
password |
Cluster password. Must be the same for all members. |
password |
Not Specified |
|
||||||||
|
pingserver-failover-threshold |
Remote IP monitoring failover threshold. |
integer |
Minimum value: 0 Maximum value: 50 |
0 |
||||||||
|
pingserver-flip-timeout |
Time to wait in minutes before renegotiating after a remote IP monitoring failover. |
integer |
Minimum value: 6 Maximum value: 2147483647 |
60 |
||||||||
|
pingserver-monitor-interface |
Interfaces to check for remote IP monitoring. |
user |
Not Specified |
|
||||||||
|
pingserver-secondary-force-reset |
Enable to force the cluster to negotiate after a remote IP monitoring failover. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
pop3-proxy-threshold |
Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions. |
user |
Not Specified |
|
||||||||
|
priority |
Increase the priority to select the primary unit. |
integer |
Minimum value: 0 Maximum value: 255 |
128 |
||||||||
|
route-hold |
Time to wait between routing table updates to the cluster. |
integer |
Minimum value: 0 Maximum value: 3600 |
10 |
||||||||
|
route-ttl |
TTL for primary unit routes. Increase to maintain active routes during failover. |
integer |
Minimum value: 5 Maximum value: 3600 |
10 |
||||||||
|
route-wait |
Time to wait before sending new routes to the cluster. |
integer |
Minimum value: 0 Maximum value: 3600 |
0 |
||||||||
|
schedule |
Type of A-A load balancing. Use none if you have external load balancers. |
option |
- |
round-robin |
||||||||
|
|
| |||||||||||