Configuring HA
- Go to System > High Availability > Configuration.
- Under HA Configuration, set Mode of operation to primary if the FortiMail unit is the primary unit in the active-passive group. Select secondary if the FortiMail unit is the secondary unit.
- Set On failure to wait for recovery then restore secondary role. On recovery, the failed primary unit’s effective HA mode of operation becomes secondary, and the secondary unit assumes the primary role.
- Enter a Shared password. This password must be the same for both the primary and secondary units.
- Expand Advanced options to configure backup options. Backup options only appear if you have selected either the primary or secondary mode of operation.
- Enter an HA base port value (20000 by default). This will be used for the heartbeat signal, and synchronization control, including data and configuration synchronization.
- Set Heartbeat lost threshold to the total duration of time in seconds that the primary unit can be unresponsive before it triggers a failover, and the secondary unit assumes the role of the primary unit.
- Enable Remote services as heartbeat to use remote services monitoring as a secondary HA heartbeat.
- Click Apply.
Note that any backup settings configured are not synchronized across the active-passive group. To use this feature you must enable it on both primary and secondary units.
Note that, for active-passive HA groups, in addition to configuring the heartbeat, you can configure service-based failover and monitoring. For more information, see the FortiMail Administration Guide.
Be sure not to set this value to too short a duration, as the secondary unit may falsely detect a failure during periods of high load.
Conversely, if the failure detection time is too long, the primary unit could fail and a delay in detecting the failure could mean that email is delayed or lost. Decrease the failure detection time if email is delayed or lost because of an HA failover.
