CLI Reference

system ha

Use this command to configure the FortiMail unit to act as a member of a high availability (HA) cluster in order to increase processing capacity or availability. It also enables you to monitor the HA cluster.

Syntax

config system ha
    config interface
        edit <interface_name>
            set status {enable | disable}
            set heartbeat-status {disable | primary | secondary}
            set peer-ip <ipv4_netmask>
            set peer-ip6 <ipv6_netmask>
            set port-monitor {enable | disable}
            set virtual-ip <ipv4_netmask>
            set virtual-ip6 <ipv6_netmask>
        next
    end
    config service
        edit <remote-smtp>
            set check-interval <integer>
            set check-timeout <integer>
            set ip <ip_addr>
            set port <port_num>
            set retries <integer>
            set status {enable | disable}
        next
        edit <remote-imap>
            set check-interval <integer>
            set check-timeout <integer>
            set ip <ip_addr>
            set port <port_num>
            set retries <integer>
            set status {enable | disable}
        next
        edit <remote-pop>
            set check-interval <integer>
            set check-timeout <integer>
            set ip <ip_addr>
            set port <port_num>
            set retries <integer>
            set status {enable | disable}
        next
        edit <remote-http>
            set check-interval <integer>
            set check-timeout <integer>
            set ip <ip_addr>
            set port <port_num>
            set retries <integer>
            set status {enable | disable}
        next
        edit <local-ports>
            set check-interval <integer>
            set retries <integer>
            set status {enable | disable}
        next
        edit <local-hd>
            set check-interval <integer>
            set retries <integer>
            set status {enable | disable}
        next
    end
    set config-peer-ip <ip_addr>
    set failover <interface_str> {add | bridge | ignore | set} <address_ipv4mask>
    set hard-drives-check {enable | disable}
    set hb-base-port <interface_int>
    set hb-lost-threshold <integer>
    set heartbeat-1-interface <interface_int>
    set heartbeat-1-ip <local_ipv4mask>
    set heartbeat-1-peer <primary-peer_ipv4>
    set heartbeat-2-interface <interface_str>
    set heartbeat-2-ip <secondary-local_ipv4mask>
    set heartbeat-2-peer <secondary-peer_ipv4>
    set mail-data-sync {enable | disable}
    set mailqueue-data-sync {enable | disable}
    set mode {config-primary | config-secondary | primary | off | secondary}
    set on-failure {off | restore-role | become-secondary}
    set password <password_str>
    set remote-services-as-heartbeat {enable | disable}
end

Variable

Description

Default

<interface_name>

Enter the name of the interface for which you want to configure the virtual IP.

action-on-primary {ignore-vip | use-vip}

Select whether and how to configure the IP addresses and netmasks of the primary FortiMail unit:

  • ignore-vip: Do not change the network interface configuration on failover, and do not monitor.
  • use-vip: Add the specified virtual IP address and netmask to the network interface on failover. Normally, you will configure your network (MX records, firewall policies, routing and so on) so that clients and mail services use the virtual IP address. Both originating and reply traffic uses the virtual IP address. This option results in the network interface having two IP addresses: the actual and the virtual.

ignore-vip

heartbeat-status {disable | primary | secondary}

Specify if this interface will be used for HA heartbeat and synchronization.

  • disable: Do not use this interface for HA heartbeat and synchronization.
  • primary: Select the primary network interface for heartbeat and synchronization traffic. This network interface must be connected directly or through a switch to the primary heartbeat network interface of other members in the HA group.
  • secondary: Select the secondary network interface for heartbeat and synchronization traffic.

The secondary heartbeat interface is the backup heartbeat link between the units in the HA group. If the primary heartbeat link is functioning, the secondary heartbeat link is used for the HA heartbeat. If the primary heartbeat link fails, the secondary link is used for the HA heartbeat and for HA synchronization.

This network interface must be connected directly or through a switch to the Secondary heartbeat network interfaces of other members in the HA group.

Caution: Using the same network interface for both HA synchronization/heartbeat traffic and other network traffic could result in issues with heartbeat and synchronization during times of high traffic load, and is not recommended.

Note: In general, you should isolate the network interfaces that are used for heartbeat traffic from your overall network. Heartbeat and synchronization packets contain sensitive configuration information, are latency-sensitive, and can consume considerable network bandwidth.

peer-ip <ipv4_netmask>

Enter the IP address of the matching heartbeat network interface of the other member of the HA group.

For example, if you are configuring the primary unit’s primary heartbeat network interface, enter the IP address of the secondary unit’s primary heartbeat network interface.

Similarly, for the secondary heartbeat network interface, enter the IP address of the other unit’s secondary heartbeat network interface.

This option appears only for active-passive HA.

peer-ip6 <ipv6_netmask>

Enter the peer IPv6 address in the active-passive HA group.

port-monitor {enable | disable}

Enable to monitor a network interface for failure. If the port fails, the primary unit will trigger a failover.

This option applies only if local network interface monitoring is enabled.

virtual-ip <ipv4_netmask>

Enter the virtual IP address and netmask for this interface.

This option is available only if status is set to enable.

0.0.0.0/0

virtual-ip6 <ipv6_netmask>

Enter the virtual IPv6 address and netmask for this interface.

This option is available only if status is set to enable.

0.0.0.0/0

<remote-smtp>

Enter to configure the remote SMTP service monitoring.

check-interval <integer>

Enter the time interval between service checks in seconds.

120

check-timeout <integer>

Enter the timeout for remote service check in seconds.

30

ip <ip_addr>

Enter the SMTP server IP address for service check.

0.0.0.0

port <port_num>

Enter the SMTP server port number for service check.

25

retries <integer>

Enter the number of attempts to try before considering the SMTP server a failure.

3

status {enable | disable}

Enable to start the remote SMTP service monitoring.

disable

<remote-imap>

Enter to configure the remote IMAP service monitoring.

check-interval <integer>

Enter the time interval between service checks in seconds.

120

check-timeout <integer>

Enter the timeout for remote service check in seconds.

30

ip <ip_addr>

Enter the IMAP server IP address for service check.

0.0.0.0

port <port_num>

Enter the IMAP server port number for service check.

143

retries <integer>

Enter the number of attempts to try before considering the IMAP server a failure.

3

status {enable | disable}

Enable to start the remote IMAP service monitoring.

disable

<remote-pop>

Enter to configure the remote POP service monitoring.

check-interval <integer>

Enter the time interval between service checks in seconds.

120

check-timeout <integer>

Enter the timeout for remote service check in seconds.

30

ip <ip_addr>

Enter the POP server IP address for service check.

0.0.0.0

port <port_num>

Enter the POP server port number for service check.

110

retries <integer>

Enter the number of attempts to try before considering the POP server a failure.

3

status {enable | disable}

Enable to start the remote POP service monitoring.

disable

<remote-http>

Enter to configure the remote HTTP service monitoring.

check-interval <integer>

Enter the time interval between service checks in seconds.

120

check-timeout <integer>

Enter the timeout for remote service check in seconds.

30

ip <ip_addr>

Enter the HTTP server IP address for service check.

0.0.0.0

port <port_num>

Enter the HTTP server port number for service check.

80

retries <integer>

Enter the number of attempts to try before considering the HTTP server a failure.

3

status {enable | disable}

Enable to start the remote HTTP service monitoring.

disable

<local-ports>

Enter to configure the local network interfaces service monitoring.

check-interval <integer>

Enter the time interval between service checks in seconds.

120

retries <integer>

Enter the number of attempts to try before considering the local network interface a failure.

3

status {enable | disable}

Enable to start the local network interface service monitoring.

disable

<local-hd>

Enter to configure the local hard drives service monitoring.

check-interval <integer>

Enter the time interval between service checks in seconds.

120

retries <integer>

Enter the number of attempts to try before considering the hard drive a failure.

3

status {enable | disable}

Enable to start the local hard drive service monitoring.

disable

config-peer-ip <ip_addr>

Enter the IP address of the secondary FortiMail unit.

0.0.0.0

failover <interface_str> {add | bridge | ignore | set} <address_ipv4mask>

Use this option to configure whether and how to configure the IP addresses and netmasks of the primary FortiMail unit.

For example, a primary unit might be configured to receive email traffic through port1 and receive heartbeat and synchronization traffic through port5 and port6. In that case, you would configure the primary unit to set the IP addresses or add virtual IP addresses for port1 of the backup unit upon failover in order to mimic that of the primary unit.

This option applies only for FortiMail units operating in the active-passive HA mode, as a primary unit (the configuration of this command is synchronized to the backup unit for use when it assumes the role of the primary unit).

Enter the name of a network interface, such as port6, or enter mgmt to configure the management IP address (transparent mode only), then enter one of the following behaviors of the network interface when this FortiMail unit is acting as the primary unit:

ignore: Do not change the network interface configuration upon failover, and do not monitor. For details on service monitoring for network interfaces, see local-service {ports | hd} <interval_int> <retries_int>. Primary and secondary heartbeat network interfaces must use this option.

set: Change the network interface to use the specified IP address and netmask upon failover.

add: Add the specified virtual IP address and netmask to the network interface upon failover. Normally, you will configure your network (MX records, firewall policies, routing and so on) so that clients and mail services use the virtual IP address. Both originating and reply traffic uses the virtual IP address. All replies to sessions with the virtual IP address include the virtual IP address as the source address. Originating traffic, however, will use the network interface’s actual IP address as the source address.

bridge: Include the network interface in the Layer 2 bridge. While the effective operating mode is secondary, the interface is deactivated and cannot process traffic, preventing Layer 2 loops. Then, when the effective operating mode becomes primary, the interface is activated again and can process traffic. This option applies only if the FortiMail unit is operating in transparent mode, and for mail interfaces that are already members of the bridge. For information on configuring bridging network interfaces, see system interface.

Network interface(s) configured as the primary heartbeat and secondary heartbeat network interface are required to maintain their IP addresses for heartbeat and synchronization purposes, and cannot be configured with the type set or bridge.

After entering a network interface behavior, enter the IP address and netmask.

If you have entered bridge or ignore for the previous keyword, because those behaviors do not use IP addresses, you may enter 0.0.0.0 0.0.0.0.

hard-drives-check {enable | disable}

Enable to test the responsiveness of the hard drives.

disable

hb-base-port <interface_int>

Enter the first of four total TCP port numbers that will be used for:

  • the heartbeat signal
  • synchronization control
  • data synchronization
  • configuration synchronization

Note: For active-passive groups, in addition or alternatively to configuring the heartbeat, you can configure service monitoring.

20000

hb-lost-threshold

Enter the total span of time, in seconds, for which the primary unit can be unresponsive before it triggers a failover and the backup unit assumes the role of the primary unit.

The heartbeat will continue to check for availability once per second. To prevent premature failover when the primary unit is simply experiencing very heavy load, configure a total threshold of three (3) seconds or more to allow the backup unit enough time to confirm unresponsiveness by sending additional heartbeat signals.

This option appears only for active-passive groups.

Note: If the failure detection time is too short, the backup unit may falsely detect a failure during periods of high load.

Caution: If the failure detection time is too long and the primary unit fails, the delay in detecting the failure could mean that email is delayed or lost. Decrease the failure detection time if email is delayed or lost because of an HA failover.

15

heartbeat-1-interface <interface_int>

Enter the name of the network interface that will be used for the primary heartbeat, and that is connected directly or through a switch to the primary heartbeat interface of the other FortiMail unit(s) in the HA group.

Varies by model (the network interface with the highest number).

heartbeat-1-ip <local_ipv4mask>

Enter the IP address and netmask of the primary network interface, separated by a space.

Use this IP address as the value of the peer IP address when configuring heartbeat-1-peer <primary-peer_ipv4> for the other FortiMail units in the HA group.

10.0.0.1 255.255.255.0

heartbeat-1-peer <primary-peer_ipv4>

Enter the IP address of the primary heartbeat network interface on the other FortiMail unit in the HA group.

For example, if the primary heartbeat network interface on the other FortiMail unit has an IP address of 10.0.0.1, enter 10.0.0.1.

10.0.0.2

heartbeat-2-interface <interface_str>

Enter the name of the network interface to use as the secondary heartbeat network interface. It must be connected to the secondary heartbeat network interface on the other FortiMail unit in the HA group. Also configure heartbeat-2-ip <secondary-local_ipv4mask>.

Varies by model (the network interface with the highest number).

heartbeat-2-ip <secondary-local_ipv4mask>

Enter the IP address and netmask of the secondary network interface, separated by a space.

Use this IP address as the value of the peer IP address when configuring heartbeat-2-peer <secondary-peer_ipv4> for the other FortiMail units in the HA group.

0.0.0.0 0.0.0.0

heartbeat-2-peer <secondary-peer_ipv4>

Enter the IP address of the secondary heartbeat network interface on the other FortiMail unit in the HA group.

For example, if the secondary heartbeat network interface on the other FortiMail unit has an IP address of 10.0.0.3, enter 10.0.0.3.

0.0.0.0

local-service {ports | hd} <interval_int> <retries_int>

Enter a local service to monitor.

If you enter ports, continue entering:

<interval_int>: Enter the amount of time in seconds between each network interface check.
The valid range is between 1 and 60 seconds, or 0 to disable checking. The default value is 0.

<retries_int>: Enter the number of times a network interface must consecutively fail to respond in order to trigger a failover.
The valid range is 1 to a very high number. The default value is 0.

If you enter hd, continue entering:

<interval_int>: Enter the amount of time in seconds between each hard drive check.
The valid range is between 1 and 60 seconds, or 0 to disable checking. The default value is 0.

<retries_int>: Enter the number of times a hard drive must consecutively fail to respond in order to trigger a failover.
The valid range is 1 to a very high number. The default value is 0.

During local service monitoring, the primary unit in an active-passive HA group monitors its own network interfaces and hard drives. If either of these local services fails, the primary unit triggers a failover by switching its effective operating mode to “off” and no longer responding to the heartbeat of the backup unit. The backup unit then becomes the new primary unit.

If service monitoring detects a failure, the effective operating mode of the primary unit switches to OFF or FAILED (depending on the “On failure” setting) and, if configured, the FortiMail units send HA event alert email, record HA event log messages, and send HA event SNMP traps. A failover then occurs, and the effective operating mode of the backup unit switches to primary.

This command applies only if the FortiMail unit is operating in an active-passive HA group, as the primary unit.

PORTS 10 3

HD 10 3

mail-data-sync {enable | disable}

Enable to synchronize system quarantine, email archives, email users’ mailboxes (server mode only), preferences, and per-recipient quarantines.

Unless the HA cluster stores its mail data on a NAS server, you should configure the HA cluster to synchronize mail directories.

This option applies only for active-passive groups.

enable

mailqueue-data-sync {enable | disable}

Enable to synchronize the mail queue of the FortiMail unit.

This option applies only for active-passive groups.

Caution: If this option is disabled and the primary unit experiences a hardware failure from which you cannot restart it, MTA spool directory data could be lost.

Note: Enabling this option is not recommended. Periodic synchronization can be processor and bandwidth-intensive. Additionally, because the content of the MTA spool directories is very dynamic, periodically synchronizing MTA spool directories between FortiMail units may not guarantee against loss of all email in those directories. Even if MTA spool directory synchronization is disabled, after a failover, a separate synchronization mechanism may successfully prevent loss of MTA spool data.

disable

mode {config-primary | config-secondary | primary | off | secondary}

Enter one of the following HA operating modes:

config-primary: Enable HA and operate as the primary unit in a config-only HA group.

config-secondary: Enable HA and operate as the backup unit in a config-only HA group.

primary: Enable HA and operate as the primary unit in an active-passive HA group.

off: Disable HA. Each FortiMail unit operates independently.

secondary: Enable HA and operate as the backup unit in an active-passive HA group.

Caution: For config-only HA, if the FortiMail unit is operating in server mode, you must store mail data externally, on a NAS server. Failure to store mail data externally could result in mailboxes and other data scattered over multiple FortiMail units. For details on configuring NAS, see the FortiMail Administration Guide.

off

network-intf-check {enable | disable}

Enable to test the responsiveness of network interfaces.

Network interface monitoring tests all active network interfaces whose:

  • failover <interface_str> {add | bridge | ignore | set} <address_ipv4mask> setting is not ignore
  • port-monitor {enable | disable} setting is enable.

enable

on-failure {off | restore-role | become-secondary}

Enter one of the following behaviors of the primary unit when it detects a failure.

off: Do not process email or join the HA group until you manually select the effective operating mode.

restore-role: On recovery, the failed primary unit’s effective operating mode resumes its configured operating mode. This behavior may be useful if the cause of failure is temporary and rare, but may cause problems if the cause of failure is permanent or persistent.

become-secondary: On recovery, the failed primary unit’s effective operating mode becomes secondary (backup), and it then synchronizes the content of its MTA spool directories with the current primary unit. The new primary unit can then deliver email that existed in the former primary unit’s MTA spool at the time of the failover.

In most cases, you should enter become-secondary.

For details on the effects of this option on the effective operating mode, see the FortiMail Administration Guide. This option applies only if the FortiMail unit is operating in an active-passive HA group, as a primary unit.

password <password_str>

Enter a password for the HA group. The password must be the same on the primary and backup FortiMail unit(s). The password must be at least 1 character.

change_me
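A worked configuration for an active-passive pair, added here as an illustration; it is not taken from the Fortinet page. It assumes a constructed topology: port1 carries mail traffic and is reached by clients through the virtual IP 192.0.2.10/24, while port5 and port6 are dedicated, isolated heartbeat links on 10.0.0.0/24 and 10.0.1.0/24. The interface names, the addresses and the <ha_password_placeholder> value are assumptions to replace with your own. Per-interface settings use the config interface subtree from the Syntax block; whether your firmware expects that subtree or the top-level failover keyword described above is something to verify on the unit. Lines beginning with # are annotations, not CLI input.

```text
# Primary unit (assumed topology: port1 = mail, port5/port6 = heartbeat only)
config system ha
    set mode primary
    set on-failure become-secondary
    set password <ha_password_placeholder>
    set hb-base-port 20000
    # 15 s is the page's default; keep it at 3 s or more to avoid premature failover
    set hb-lost-threshold 15
    set heartbeat-1-interface port5
    set heartbeat-1-ip 10.0.0.1 255.255.255.0
    set heartbeat-1-peer 10.0.0.2
    set heartbeat-2-interface port6
    set heartbeat-2-ip 10.0.1.1 255.255.255.0
    set heartbeat-2-peer 10.0.1.2
    set mail-data-sync enable
    set mailqueue-data-sync disable
    config interface
        # mail interface: the backup adds this virtual IP when it becomes primary
        edit port1
            set status enable
            set virtual-ip 192.0.2.10/24
            set port-monitor enable
        next
        # heartbeat links keep their own addresses and carry no mail traffic
        edit port5
            set heartbeat-status primary
            set peer-ip 10.0.0.2/24
        next
        edit port6
            set heartbeat-status secondary
            set peer-ip 10.0.1.2/24
        next
    end
end

# Secondary unit: same password, base port and threshold; addresses mirrored
config system ha
    set mode secondary
    set on-failure become-secondary
    set password <ha_password_placeholder>
    set hb-base-port 20000
    set hb-lost-threshold 15
    set heartbeat-1-interface port5
    set heartbeat-1-ip 10.0.0.2 255.255.255.0
    set heartbeat-1-peer 10.0.0.1
    set heartbeat-2-interface port6
    set heartbeat-2-ip 10.0.1.2 255.255.255.0
    set heartbeat-2-peer 10.0.1.1
    set mail-data-sync enable
    config interface
        edit port1
            set status enable
            set virtual-ip 192.0.2.10/24
            set port-monitor enable
        next
        edit port5
            set heartbeat-status primary
            set peer-ip 10.0.0.1/24
        next
        edit port6
            set heartbeat-status secondary
            set peer-ip 10.0.1.1/24
        next
    end
end
```

The two heartbeat interfaces are deliberately separate from the mail interface, following the Caution and Note under heartbeat-status: heartbeat and synchronization packets carry configuration data and are latency-sensitive, so sharing them with mail traffic weakens both failure detection and confidentiality. become-secondary is chosen for on-failure because, as described above, it lets a recovered unit rejoin as the backup and hand its MTA spool contents to the current primary instead of contending for the primary role.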

remote-service {smtp | pop | imap | http} <interface_ipv4> <port_int> <interval_int> <wait_int> <retries_int>

Enter a remote service to monitor. Then enter the subsequent values in order:

<interface_ipv4>: Enter the IP address to contact when testing the availability of the service. The default value is 0.0.0.0.

<port_int>: Enter the TCP port number on which the remote FortiMail unit listens for connections of that service type. The default value is 0.
For example, if you have configured the primary FortiMail unit to listen for SMTP connections on TCP port 25, you would enter 25.

<interval_int>: Enter the interval in minutes between each remote service availability test.
The valid range is 1 to 60 minutes, or 0 to disable remote service monitoring. The default value is 0.

<wait_int>: Enter the amount of time in seconds to wait for the primary unit to respond to the remote service availability test.
The valid range is 1 to a very high number of seconds, or 0 to disable remote service monitoring. The default value is 0.

<retries_int>: Enter the number of consecutive availability test failures after which the primary unit is deemed unresponsive and a failover occurs.
The valid range is 1 to a very high number, or 0 to disable remote service monitoring. The default value is 0.

This option applies only if the FortiMail unit is operating in an active-passive HA group, as a backup unit.

remote-services-as-heartbeat {enable | disable}

Enable to use remote service monitoring as a tertiary heartbeat signal.

This option applies only for FortiMail units operating in the active-passive HA mode, and requires that you also configure remote service monitoring using.

<wait_int>

Enter the amount of time in seconds to wait for the primary unit to respond to the remote service availability test.

The valid range is 1 to a very high number of seconds, or 0 to disable remote service monitoring.

0

<retries_int>

Enter the number of consecutive availability test failures after which the primary unit is deemed unresponsive and a failover occurs.

The valid range is 1 to a very high number, or 0 to disable remote service monitoring.

0

smtp-check {enable | disable}

Enable to test the connection responsiveness of SMTP.

disable
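Service monitoring for the same pair, added as an illustration rather than taken from the page. The page states that remote service monitoring applies to the backup unit, so this fragment is assumed to be entered on the secondary; it assumes the primary answers SMTP on the constructed virtual IP 192.0.2.10 and uses the config service subtree from the Syntax block. Lines beginning with # are annotations, not CLI input.

```text
# Backup unit: probe the primary's SMTP service and watch local ports and disks
config system ha
    # use the remote checks as a third heartbeat path besides port5 and port6
    set remote-services-as-heartbeat enable
    config service
        edit remote-smtp
            set status enable
            set ip 192.0.2.10
            set port 25
            # three consecutive failed checks, 60 s apart, 10 s timeout each,
            # before the SMTP service is considered failed
            set check-interval 60
            set check-timeout 10
            set retries 3
        next
        # local monitoring is acted on by the primary; left enabled here so the
        # settings are in place when this unit assumes the primary role
        edit local-ports
            set status enable
            set check-interval 10
            set retries 3
        next
        edit local-hd
            set status enable
            set check-interval 10
            set retries 3
        next
    end
end
```

Only SMTP is probed because it is the service the cluster exists to keep available; IMAP, POP and HTTP entries take the same six settings if the unit is in server mode and serves those protocols. The retries value is what prevents a single slow response under load from being treated as an outage, which is the same trade-off the hb-lost-threshold Note and Caution above describe for the heartbeat.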

Related topics

system geoip-override

system ha

system ha

Use this command to configure the FortiMail unit to act as a member of a high availability (HA) cluster in order to increase processing capacity or availability. It also enables you to monitor the HA cluster.

Syntax

config system ha

config interface

edit <interface_name>

set status {enable | disable}

set heartbeat-status <disable | primary | secondary}

set peer-ip <ipv4_netmask>

set peer-ip6 <ipv6_netmask>

set port-monitor {enable | disable}

set virtual-ip <ipv4_netmask>

set virtual-ip6 <ipv6_netmask>

config service

edit <remote-smtp>

set check-interval <integer>

set check-timeout <integer>

set ip <ip_addr>

set port <port_num>

set retries <integer>

set status {enable | disable}

edit <remote-imap>

set check-interval <integer>

set check-timeout <integer>

set ip <ip_addr>

set port <port_num>

set retries <integer>

set status {enable | disable}

edit <remote-pop>

set check-interval <integer>

set check-timeout <integer>

set ip <ip_addr>

set port <port_num>

set retries <integer>

set status {enable | disable}

edit <remote-http>

set check-interval <integer>

set check-timeout <integer>

set ip <ip_addr>

set port <port_num>

set retries <integer>

set status {enable | disable}

edit <local-ports>

set check-interval <integer>

set retries <integer>

set status {enable | disable}

edit <local-hd>

set check-interval <integer>

set retries <integer>

set status {enable | disable}

set system ha

set config-peer-ip <ip_addr>

set failover <interface_str> {add | bridge | ignore | set}<address_ipv4mask>

set hard-drives-check {enable | disable}

set hb-base-port <interface_int>

set hb-lost-threshold

set heartbeat-1-interface <interface_int>

set heartbeat-1-ip <local_ipv4mask>

set heartbeat-1-peer <primary-peer_ipv4>

set heartbeat-2-interface <interface_str>

set heartbeat-2-ip <secondary-local_ipv4mask>

set heartbeat-2-peer <secondary-peer_ipv4>

set mail-data-sync {enable | disable}

set mailqueue-data-sync {enable | disable}

set mode {config-primary | config-secondary | primary | off | secondary}

set on-failure {off | restore-role | become-secondary}

set password <password_str>

set remote-services-as-heartbeat {enable | disable}

end

Variable

Description

Default

<interface_name>

Enter the interface name of which you want to configure the virtual IP.

action-on-primary {ignore-vip | use-vip}

Select whether and how to configure the IP addresses and netmasks of the primary FortiMail unit:

  • ignore-vip: Do not change the network interface configuration on failover, and do not monitor.
  • use-vip: Add the specified virtual IP address and netmask to the network interface on failover. Normally, you will configure your network (MX records, firewall policies, routing and so on) so that clients and mail services use the virtual IP address. Both originating and reply traffic uses the virtual IP address. This option results in the network interface having two IP addresses: the actual and the virtual.

ignore-vip

heartbeat-status <disable | primary | secondary}

Specify if this interface will be used for HA heartbeat and synchronization.

  • disable: Do not use this interface for HA heartbeat and synchronization.
  • primary: Select the primary network interface for heartbeat and synchronization traffic.
  • This network interface must be connected directly or through a switch to the Primary heartbeat network interface of other members in the HA group.

  • secondary: Select the secondary network interface for heartbeat and synchronization traffic.

The secondary heartbeat interface is the backup heartbeat link between the units in the HA group. If the primary heartbeat link is functioning, the secondary heartbeat link is used for the HA heartbeat. If the primary heartbeat link fails, the secondary link is used for the HA heartbeat and for HA synchronization.

This network interface must be connected directly or through a switch to the Secondary heartbeat network interfaces of other members in the HA group.

Caution: Using the same network interface for both HA synchronization/heartbeat traffic and other network traffic could result in issues with heartbeat and synchronization during times of high traffic load, and is not recommended.

Note: In general, you should isolate the network interfaces that are used for heartbeat traffic from your overall network. Heartbeat and synchronization packets contain sensitive configuration information, are latency-sensitive, and can consume considerable network bandwidth.

peer-ip <ipv4_netmask>

Enter the IP address of the matching heartbeat network interface of the other member of the HA group.

For example, if you are configuring the primary unit’s primary heartbeat network interface, enter the IP address of the secondary unit’s primary heartbeat network interface.

Similarly, for the secondary heartbeat network interface, enter the IP address of the other unit’s secondary heartbeat network interface.

This option appears only for active-passive HA.

peer-ip6 <ipv6_netmask>

Enter the peer IPv6 address in the active-passive HA group.

port-monitor {enable | disable}

Enable to monitor a network interface for failure. If the port fails, the primary unit will trigger a failover.

This option applies only if local network interface monitoring is enabled.

virtual-ip <ipv4_netmask>

Enter the virtual IP address and netmask for this interface.

This option is available only if status {enable | disable} is set.

0.0.0.0/0

virtual-ip6 <ipv6_netmask>

Enter the virtual IPv6 address and netmask for this interface.

This option is available only if status {enable | disable} is set.

0.0.0.0/0

<remote-smtp>

Enter to configure the remote SMTP service monitoring.

check-interval <integer>

Enter the time interval between service checks in seconds.

120

check-timeout <integer>

Enter the timeout for remote service check in seconds.

30

ip <ip_addr>

Enter the SMTP server IP address for service check.

0.0.0.0

port <port_num>

Enter the SMTP server port number for service check.

25

retries <integer>

Enter the number of attempts to try before considering the SMTP server a failure.

3

status {enable | disable}

Enable to start the remote SMTP service monitoring.

disable

<remote-imap>

Enter to configure the remote IMAP service monitoring.

check-interval <integer>

Enter the time interval between service checks in seconds.

120

check-timeout <integer>

Enter the timeout for remote service check in seconds.

30

ip <ip_addr>

Enter the IMAP server IP address for service check.

0.0.0.0

port <port_num>

Enter the IMAP server port number for service check.

143

retries <integer>

Enter the number of attempts to try before considering the IMAP server a failure.

3

status {enable | disable}

Enable to start the remote IMAP service monitoring.

disable

<remote-pop>

Enter to configure the remote POP service monitoring.

check-interval <integer>

Enter the time interval between service checks in seconds.

120

check-timeout <integer>

Enter the timeout for remote service check in seconds.

30

ip <ip_addr>

Enter the POP server IP address for service check.

0.0.0.0

port <port_num>

Enter the POP server port number for service check.

110

retries <integer>

Enter the number of attempts to try before considering the POP server a failure.

3

status {enable | disable}

Enable to start the remote POP service monitoring.

disable

<remote-http>

Enter to configure the remote HTTP service monitoring.

check-interval <integer>

Enter the time interval between service checks in seconds.

120

check-timeout <integer>

Enter the timeout for remote service check in seconds.

30

ip <ip_addr>

Enter the HTTP server IP address for service check.

0.0.0.0

port <port_num>

Enter the HTTP server port number for service check.

80

retries <integer>

Enter the number of attempts to try before considering the HTTP server a failure.

3

status {enable | disable}

Enable to start the remote HTTP service monitoring.

disable

<local-ports>

Enter to configure the local network interfaces service monitoring.

check-interval <integer>

Enter the time interval between service checks in seconds.

120

retries <integer>

Enter the number of attempts to try before considering the local network interface a failure.

3

status {enable | disable}

Enable to start the local network interface service monitoring.

disable

<local-hd>

Enter to configure the local hard drives service monitoring.

check-interval <integer>

Enter the time interval between service checks in seconds.

120

retries <integer>

Enter the number of attempts to try before considering the hard drive a failure.

3

status {enable | disable}

Enable to start the local hard drive service monitoring.

disable

config-peer-ip <ip_addr>

Enter the IP address of the secondary FortiMail unit.

0.0.0.0

failover <interface_str> {add | bridge | ignore | set} <address_ipv4mask>

Use this option to configure whether, and how, the IP address and netmask of each network interface is changed on the unit that assumes the primary role after a failover.

For example, a primary unit might be configured to receive email traffic through port1 and receive heartbeat and synchronization traffic through port5 and port6. In that case, you would configure the primary unit to set the IP addresses or add virtual IP addresses for port1 of the backup unit upon failover in order to mimic that of the primary unit.

This option applies only for FortiMail units operating in the active-passive HA mode, as the primary unit. (The configuration of this command is synchronized to the backup unit, which uses it when it assumes the role of the primary unit.)

Enter the name of a network interface, such as port6, or enter mgmt to configure the management IP address (transparent mode only), then enter one of the following behaviors of the network interface when this FortiMail unit is acting as the primary unit:

ignore: Do not change the network interface configuration upon failover, and do not monitor it. For details on service monitoring for network interfaces, see local-service {ports | hd} <interval_int> <retries_int>. Primary and secondary heartbeat network interfaces must use this option.

set: Change the network interface to use the specified IP address and netmask upon failover.

add: Add the specified virtual IP address and netmask to the network interface upon failover. Normally, you will configure your network (MX records, firewall policies, routing and so on) so that clients and mail services use the virtual IP address. Both originating and reply traffic use the virtual IP address. All replies to sessions with the virtual IP address include the virtual IP address as the source address. Originating traffic, however, will use the network interface’s actual IP address as the source address.

bridge: Include the network interface in the Layer 2 bridge. While the effective operating mode is secondary, the interface is deactivated and cannot process traffic, preventing Layer 2 loops. Then, when the effective operating mode becomes primary, the interface is activated again and can process traffic. This option applies only if the FortiMail unit is operating in transparent mode, and only for mail interfaces that are already members of the bridge. For information on configuring bridging network interfaces, see system interface.

The network interfaces configured as the primary and secondary heartbeat interfaces must keep their own IP addresses for heartbeat and synchronization purposes, and cannot be configured with the set or bridge behaviors.

After entering a network interface behavior, enter the IP address and netmask.

If you entered bridge or ignore for the previous keyword, because those behaviors do not use IP addresses, you may enter 0.0.0.0 0.0.0.0.
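Example (added here; it is not part of the original reference): the failover lines for a primary unit in gateway mode that accepts mail on port1 and port2 and carries the heartbeat on port5 and port6. The interface names and addresses are assumptions chosen for illustration, and the lines beginning with # are annotations rather than CLI input.

```text
config system ha
    # port1: MX records and clients point at this virtual IP. It is added
    # on whichever unit is currently primary, so it moves on failover.
    set failover port1 add 192.0.2.10 255.255.255.0
    # port2: the unit taking over replaces its own port2 address with this one.
    set failover port2 set 192.0.2.20 255.255.255.0
    # port5/port6 carry heartbeat and synchronization traffic. They keep
    # their own addresses, are never failed over and are not monitored,
    # so the address fields are 0.0.0.0 0.0.0.0.
    set failover port5 ignore 0.0.0.0 0.0.0.0
    set failover port6 ignore 0.0.0.0 0.0.0.0
end
```

In transparent mode a mail interface that is already a bridge member would use bridge instead, for example set failover port1 bridge 0.0.0.0 0.0.0.0, so that it stays deactivated while the unit is the backup. Because this configuration is synchronized to the backup, it only needs to be entered on the primary.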

hard-drives-check {enable | disable}

Enable to test the responsiveness of the hard drives.

disable

hb-base-port <interface_int>

Enter the first of four consecutive TCP port numbers (with the default, 20000 through 20003) that will be used for:

  • the heartbeat signal
  • synchronization control
  • data synchronization
  • configuration synchronization

Note: For active-passive groups, in addition or alternatively to configuring the heartbeat, you can configure service monitoring.

20000

hb-lost-threshold

Enter the total span of time, in seconds, for which the primary unit can be unresponsive before it triggers a failover and the backup unit assumes the role of the primary unit.

The heartbeat will continue to check for availability once per second. To prevent premature failover when the primary unit is simply experiencing very heavy load, configure a total threshold of three (3) seconds or more to allow the backup unit enough time to confirm unresponsiveness by sending additional heartbeat signals.

This option appears only for active-passive groups.

Note: If the failure detection time is too short, the backup unit may falsely detect a failure during periods of high load.

Caution: If the failure detection time is too long, the primary unit could fail and the delay in detecting the failure could mean that email is delayed or lost. Decrease the failure detection time if email is delayed or lost because of an HA failover.

15

heartbeat-1-interface <interface_int>

Enter the name of the network interface that will be used for the primary heartbeat, and that is connected directly or through a switch to the primary heartbeat interface of the other FortiMail unit(s) in the HA group.

Varies by model (the network interface with the highest number).

heartbeat-1-ip <local_ipv4mask>

Enter the IP address and netmask of the primary heartbeat network interface, separated by a space.

Use this IP address as the value of the peer IP address when configuring heartbeat-1-peer <primary-peer_ipv4> for the other FortiMail units in the HA group.

10.0.0.1 255.255.255.0

heartbeat-1-peer <primary-peer_ipv4>

Enter the IP address of the primary heartbeat network interface on the other FortiMail unit in the HA group.

For example, if this unit's primary heartbeat interface is 10.0.0.1 and the primary heartbeat network interface on the other FortiMail unit has an IP address of 10.0.0.2, enter 10.0.0.2.

10.0.0.2

heartbeat-2-interface <interface_str>

Enter the name of the network interface to use as the secondary heartbeat network interface. It must be connected to the secondary heartbeat network interface on the other FortiMail unit in the HA group. Also configure heartbeat-2-ip <secondary-local_ipv4mask>.

Varies by model (the network interface with the highest number).

heartbeat-2-ip <secondary-local_ipv4mask>

Enter the IP address and netmask of the secondary heartbeat network interface, separated by a space.

Use this IP address as the value of the peer IP address when configuring heartbeat-2-peer <secondary-peer_ipv4> for the other FortiMail units in the HA group.

0.0.0.0 0.0.0.0

heartbeat-2-peer <secondary-peer_ipv4>

Enter the IP address of the secondary heartbeat network interface on the other FortiMail unit in the HA group.

For example, if the secondary heartbeat network interface on the other FortiMail unit has an IP address of 10.0.0.3, enter 10.0.0.3.

0.0.0.0

local-service {ports | hd} <interval_int> <retries_int>

Enter a local service to monitor.

If you enter ports, continue entering:

<interval_int>: Enter the amount of time in seconds between each network interface check.
The valid range is between 1 and 60 seconds, or 0 to disable checking. The default value is 0.

<retries_int>: Enter the number of times a network interface must consecutively fail to respond in order to trigger a failover.
The valid range is 1 to a very high number. The default value is 0.

If you enter hd, continue entering:

<interval_int>: Enter the amount of time in seconds between each hard drive check.
The valid range is between 1 and 60 seconds, or 0 to disable checking. The default value is 0.

<retries_int>: Enter the number of times a hard drive must consecutively fail to respond in order to trigger a failover.
The valid range is 1 to a very high number. The default value is 0.

During local service monitoring, the primary unit in an active-passive HA group monitors its own network interfaces and hard drives. If either of these local services fails, the primary unit triggers a failover by switching its effective operating mode to "off" and no longer responding to the heartbeat of the backup unit. The backup unit then becomes the new primary unit.

If service monitoring detects a failure, the effective operating mode of the primary unit switches to OFF or FAILED (depending on the "On failure" setting) and, if configured, the FortiMail units send HA event alert email, record HA event log messages, and send HA event SNMP traps. A failover then occurs, and the effective operating mode of the backup unit switches to primary.

This command applies only if the FortiMail unit is operating in an active-passive HA group, as the primary unit.

PORTS 10 3

HD 10 3

mail-data-sync {enable | disable}

Enable to synchronize system quarantine, email archives, email users’ mailboxes (server mode only), preferences, and per-recipient quarantines.

Unless the HA cluster stores its mail data on a NAS server, you should configure the HA cluster to synchronize mail directories.

This option applies only for active-passive groups.

enable

mailqueue-data-sync {enable | disable}

Enable to synchronize the mail queue of the FortiMail unit.

This option applies only for active-passive groups.

Caution: If this option is disabled and the primary unit experiences a hardware failure from which it cannot be restarted, MTA spool directory data could be lost.

Note: Enabling this option is not recommended. Periodic synchronization can be processor- and bandwidth-intensive. Additionally, because the content of the MTA spool directories is very dynamic, periodically synchronizing MTA spool directories between FortiMail units does not guarantee that no email in those directories will be lost. Even if MTA spool directory synchronization is disabled, after a failover, a separate synchronization mechanism may successfully prevent loss of MTA spool data (see on-failure {off | restore-role | become-secondary}).

disable

mode {config-primary | config-secondary | primary | off | secondary}

Enter one of the following HA operating modes:

config-primary: Enable HA and operate as the primary unit in a config-only HA group.

config-secondary: Enable HA and operate as the backup unit in a config-only HA group.

primary: Enable HA and operate as the primary unit in an active-passive HA group.

off: Disable HA. Each FortiMail unit operates independently.

secondary: Enable HA and operate as the backup unit in an active-passive HA group.

Caution: For config-only HA, if the FortiMail unit is operating in server mode, you must store mail data externally, on a NAS server. Failure to store mail data externally could result in mailboxes and other data scattered over multiple FortiMail units. For details on configuring NAS, see the FortiMail Administration Guide.

off

network-intf-check {enable | disable}

Enable to test the responsiveness of network interfaces.

Network interface monitoring tests all active network interfaces whose:

  • failover <interface_str> {add | bridge | ignore | set} <address_ipv4mask> setting is not ignore, and
  • port-monitor {enable | disable} setting is enable.

enable

on-failure {off | restore-role | become-secondary}

Enter one of the following behaviors of the primary unit when it detects a failure.

off: Do not process email or join the HA group until you manually select the effective operating mode.

restore-role: On recovery, the failed primary unit’s effective operating mode resumes its configured operating mode. This behavior may be useful if the cause of failure is temporary and rare, but may cause problems if the cause of failure is permanent or persistent.

become-secondary: On recovery, the failed primary unit’s effective operating mode becomes secondary (backup), and it then synchronizes the content of its MTA spool directories with the current primary unit. The new primary unit can then deliver email that existed in the former primary unit’s MTA spool at the time of the failover.

In most cases, you should enter become-secondary.

For details on the effects of this option on the effective operating mode, see the FortiMail Administration Guide. This option applies only if the FortiMail unit is operating in an active-passive HA group, as a primary unit.

password <password_str>

Enter a password for the HA group. The password must be the same on the primary and backup FortiMail unit(s), and must be at least 1 character. Change it from the default before enabling HA.

change_me
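Example (added here; it is not part of the original reference): a complete active-passive pair. Unit A is configured as the primary and unit B as the backup. The heartbeat addresses mirror each other, so each unit's heartbeat-1-peer is the other unit's heartbeat-1-ip, and the same for the secondary heartbeat. Interface names, addresses and the password placeholder are assumptions chosen for illustration; lines beginning with # are annotations rather than CLI input.

```text
# --- Unit A (configured primary) ---
config system ha
    set mode primary
    # Same value on both units. Replace the placeholder; never leave change_me.
    set password Replace-With-A-Long-Shared-Secret
    # Primary heartbeat: port5 <-> port5, on a link private to the two units.
    set heartbeat-1-interface port5
    set heartbeat-1-ip 10.0.0.1 255.255.255.0
    set heartbeat-1-peer 10.0.0.2
    # Secondary heartbeat: port6 <-> port6, on a second private link.
    set heartbeat-2-interface port6
    set heartbeat-2-ip 10.0.1.1 255.255.255.0
    set heartbeat-2-peer 10.0.1.2
    # Heartbeat, sync control, data sync, config sync use TCP 20000-20003.
    set hb-base-port 20000
    # Heartbeats are sent once per second; 15 s of silence triggers failover.
    set hb-lost-threshold 15
    # After a failure, rejoin as the backup and hand the MTA spool to the new primary.
    set on-failure become-secondary
    set mail-data-sync enable
    set mailqueue-data-sync disable
    # Mail interface and heartbeat interfaces (synchronized to unit B).
    set failover port1 add 192.0.2.10 255.255.255.0
    set failover port5 ignore 0.0.0.0 0.0.0.0
    set failover port6 ignore 0.0.0.0 0.0.0.0
end

# --- Unit B (configured secondary) ---
config system ha
    set mode secondary
    set password Replace-With-A-Long-Shared-Secret
    set heartbeat-1-interface port5
    set heartbeat-1-ip 10.0.0.2 255.255.255.0
    set heartbeat-1-peer 10.0.0.1
    set heartbeat-2-interface port6
    set heartbeat-2-ip 10.0.1.2 255.255.255.0
    set heartbeat-2-peer 10.0.1.1
    set hb-base-port 20000
    set hb-lost-threshold 15
end
```

The failover, on-failure and data-sync settings are only entered on the unit configured as primary, because they apply to the primary role and are synchronized to the backup. The heartbeat addressing, base port and password must be entered on both units and must agree, otherwise the units cannot form the group.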

remote-service {smtp | pop | imap | http} <interface_ipv4> <port_int> <interval_int> <wait_int> <retries_int>

Enter a remote service to monitor. Then enter the subsequent values in order:

<interface_ipv4>: Enter the IP address to contact when testing the availability of the service. The default value is 0.0.0.0.

<port_int>: Enter the TCP port number on which the remote FortiMail unit listens for connections of that service type. The default value is 0.
For example, if you have configured the primary FortiMail unit to listen for SMTP connections on TCP port 25, you would enter 25.

<interval_int>: Enter the interval in minutes between each remote service availability test.
The valid range is 1 to 60 minutes, or 0 to disable remote service monitoring. The default value is 0.

<wait_int>: Enter the amount of time in seconds to wait for the primary unit to respond to the remote service availability test.
The valid range is 1 to a very high number of seconds, or 0 to disable remote service monitoring. The default value is 0.

<retries_int>: Enter the number of consecutive availability test failures after which the primary unit is deemed unresponsive and a failover occurs.
The valid range is 1 to a very high number, or 0 to disable remote service monitoring. The default value is 0.

This option applies only if the FortiMail unit is operating in an active-passive HA group, as a backup unit.
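Example (added here; it is not part of the original reference) of the two monitoring directions described above, written with the config service form of the same settings: the backup unit probes the primary's SMTP and POP listeners, and the primary unit watches its own network interfaces and hard drives. The addresses and intervals are assumptions chosen for illustration, as is the rough detection-time arithmetic in the annotations; lines beginning with # are annotations rather than CLI input.

```text
# --- Backup unit: remote service monitoring of the primary ---
config system ha
    config service
        edit remote-smtp
            # Primary's real port1 address (assumed 192.0.2.11), not the
            # virtual IP, so the probe keeps pointing at the same unit.
            set ip 192.0.2.11
            set port 25
            set check-interval 60
            set check-timeout 10
            set retries 3
            set status enable
        next
        edit remote-pop
            set ip 192.0.2.11
            set port 110
            set check-interval 60
            set check-timeout 10
            set retries 3
            set status enable
        next
    end
    # Treat the probes as a third heartbeat in addition to port5/port6.
    set remote-services-as-heartbeat enable
end
# Roughly: three consecutive failed checks 60 s apart, each waiting up
# to 10 s, so a dead listener is declared failed about 3 minutes after
# it stopped answering (assumed accounting of interval, timeout, retries).

# --- Primary unit: local service monitoring of itself ---
config system ha
    config interface
        edit port1
            # Interfaces are only tested when port-monitor is enabled and
            # their failover behavior is not ignore.
            set port-monitor enable
        next
    end
    config service
        edit local-ports
            set check-interval 30
            set retries 3
            set status enable
        next
        edit local-hd
            set check-interval 60
            set retries 3
            set status enable
        next
    end
    set network-intf-check enable
    set hard-drives-check enable
end
```

The heartbeat interfaces (port5 and port6 in this pair) are configured with the ignore behavior and are therefore excluded from interface monitoring; a failed heartbeat link is detected by the other unit through the lost heartbeat, not by the primary through local-ports.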

remote-services-as-heartbeat {enable | disable}

Enable to use remote service monitoring as a tertiary heartbeat signal.

This option applies only for FortiMail units operating in the active-passive HA mode, and requires that you also configure remote service monitoring using remote-service {smtp | pop | imap | http} <interface_ipv4> <port_int> <interval_int> <wait_int> <retries_int>.


smtp-check {enable | disable}

Enable to test the connection responsiveness of SMTP.

disable

Related topics

system geoip-override