Fortinet white logo
Fortinet white logo

FortiGate-7000F Administration Guide

Device failure

Device failure

If the primary FortiGate 7000F encounters a problem that is severe enough to cause it to fail, the secondary FortiGate 7000F becomes new primary FortiGate 7000F. This occurs because the secondary FortiGate 7000F is constantly waiting to negotiate to become primary FortiGate 7000F. Only the heartbeat packets sent by the primary FortiGate 7000F keep the secondary FortiGate 7000F from becoming the primary FortiGate 7000F. Each received heartbeat packet resets a negotiation timer in the secondary FortiGate 7000F. If this timer is allowed to run out because the secondary FortiGate 7000F does not receive heartbeat packets from the primary FortiGate 7000F, the secondary FortiGate 7000F assumes that the primary FortiGate 7000F has failed and becomes the primary FortiGate 7000F.

The new primary FortiGate 7000F will have the same MAC and IP addresses as the former primary FortiGate 7000F. The new primary FortiGate 7000F then sends gratuitous ARP packets out all of its connected interfaces to inform attached switches to send traffic to the new primary FortiGate 7000F. Sessions then resume with the new primary FortiGate 7000F.

Device failure

Device failure

If the primary FortiGate 7000F encounters a problem that is severe enough to cause it to fail, the secondary FortiGate 7000F becomes new primary FortiGate 7000F. This occurs because the secondary FortiGate 7000F is constantly waiting to negotiate to become primary FortiGate 7000F. Only the heartbeat packets sent by the primary FortiGate 7000F keep the secondary FortiGate 7000F from becoming the primary FortiGate 7000F. Each received heartbeat packet resets a negotiation timer in the secondary FortiGate 7000F. If this timer is allowed to run out because the secondary FortiGate 7000F does not receive heartbeat packets from the primary FortiGate 7000F, the secondary FortiGate 7000F assumes that the primary FortiGate 7000F has failed and becomes the primary FortiGate 7000F.

The new primary FortiGate 7000F will have the same MAC and IP addresses as the former primary FortiGate 7000F. The new primary FortiGate 7000F then sends gratuitous ARP packets out all of its connected interfaces to inform attached switches to send traffic to the new primary FortiGate 7000F. Sessions then resume with the new primary FortiGate 7000F.