Fortinet white logo
Fortinet white logo

FortiGate-7000E Administration Guide

Device failure

Device failure

If the primary FortiGate 7000E encounters a problem that is severe enough to cause it to fail, the secondary FortiGate 7000E becomes new primary FortiGate 7000E. This occurs because the secondary FortiGate 7000E is constantly waiting to negotiate to become primary FortiGate 7000E. Only the heartbeat packets sent by the primary FortiGate 7000E keep the secondary FortiGate 7000E from becoming the primary FortiGate 7000E. Each received heartbeat packet resets a negotiation timer in the secondary FortiGate 7000E. If this timer is allowed to run out because the secondary FortiGate 7000E does not receive heartbeat packets from the primary FortiGate 7000E, the secondary FortiGate 7000E assumes that the primary FortiGate 7000E has failed and becomes the primary FortiGate 7000E.

The new primary FortiGate 7000E will have the same MAC and IP addresses as the former primary FortiGate 7000E. The new primary FortiGate 7000E then sends gratuitous ARP packets out all of its connected interfaces to inform attached switches to send traffic to the new primary FortiGate 7000E. Sessions then resume with the new primary FortiGate 7000E.

Device failure

Device failure

If the primary FortiGate 7000E encounters a problem that is severe enough to cause it to fail, the secondary FortiGate 7000E becomes new primary FortiGate 7000E. This occurs because the secondary FortiGate 7000E is constantly waiting to negotiate to become primary FortiGate 7000E. Only the heartbeat packets sent by the primary FortiGate 7000E keep the secondary FortiGate 7000E from becoming the primary FortiGate 7000E. Each received heartbeat packet resets a negotiation timer in the secondary FortiGate 7000E. If this timer is allowed to run out because the secondary FortiGate 7000E does not receive heartbeat packets from the primary FortiGate 7000E, the secondary FortiGate 7000E assumes that the primary FortiGate 7000E has failed and becomes the primary FortiGate 7000E.

The new primary FortiGate 7000E will have the same MAC and IP addresses as the former primary FortiGate 7000E. The new primary FortiGate 7000E then sends gratuitous ARP packets out all of its connected interfaces to inform attached switches to send traffic to the new primary FortiGate 7000E. Sessions then resume with the new primary FortiGate 7000E.