system ha
Use this command to configure the FortiMail unit to act as a member of a high availability (HA) cluster in order to increase processing capacity or availability. It also enables you to monitor the HA cluster.
Syntax
config system ha
    config interface
        edit <interface_name>
            set heartbeat-status {disable | primary | secondary}
            set port-monitor {enable | disable}
            set virtual-ip6 <ipv6_netmask>
    config service
        edit <remote-smtp>
            set ip <ip_addr>
            set port <port_num>
        edit <remote-imap>
            set ip <ip_addr>
            set port <port_num>
        edit <remote-pop>
            set ip <ip_addr>
            set port <port_num>
        edit <remote-http>
            set ip <ip_addr>
            set port <port_num>
        edit <local-ports>
        edit <local-hd>
    set failover <interface_str> {add | bridge | ignore | set} <address_ipv4mask>
    set hard-drives-check {enable | disable}
    set hb-base-port <interface_int>
    set heartbeat-1-interface <interface_int>
    set heartbeat-1-ip <local_ipv4mask>
    set heartbeat-1-peer <primary-peer_ipv4>
    set heartbeat-2-interface <interface_str>
    set heartbeat-2-ip <secondary-local_ipv4mask>
    set heartbeat-2-peer <secondary-peer_ipv4>
    set mail-data-sync {enable | disable}
    set mailqueue-data-sync {enable | disable}
    set mode {config-primary | config-secondary | primary | off | secondary}
    set on-failure {off | restore-role | become-secondary}
    set remote-services-as-heartbeat {enable | disable}
end
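As an added example (not part of the FortiMail reference), the following Python audits two cluster members' config system ha excerpts against constraints this page states: the default HA password, mail-data-sync disabled without NAS, a heartbeat interface given a failover action, and each unit's heartbeat-1-peer matching the other unit's heartbeat-1-ip. The sample excerpts are constructed; it assumes that the cut-off failover restriction on heartbeat interfaces means any action other than ignore, and that an absent option takes the documented default.

```python
import re
from ipaddress import ip_address

# Constructed 'config system ha' excerpts for two cluster members (sample data, not from the page).
UNIT_A = """set password change_me
    set heartbeat-1-interface port5
    set heartbeat-1-ip 10.0.0.1 255.255.255.0
    set heartbeat-1-peer 10.0.0.2
    set mail-data-sync disable
    set failover port1 set 192.0.2.10 255.255.255.0
    set failover port5 set 10.0.0.99 255.255.255.0"""
UNIT_B = """set password change_me
    set heartbeat-1-interface port5
    set heartbeat-1-ip 10.0.0.2 255.255.255.0
    set heartbeat-1-peer 10.0.0.3
    set failover port5 ignore"""

def parse_ha(text):
    """Map each 'set <key> ...' line to a list of token lists (keys like failover repeat)."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r"\s*set\s+(\S+)\s*(.*)", line)
        if m:
            cfg.setdefault(m.group(1), []).append(m.group(2).split())
    return cfg

def first(cfg, key, default):  # first value token, or the documented default if absent
    return cfg[key][0][0] if key in cfg else default

def audit_pair(text_a, text_b):
    """Return findings that violate constraints the reference states for an HA pair."""
    units = {"A": parse_ha(text_a), "B": parse_ha(text_b)}
    findings = []
    for name, cfg in units.items():
        if first(cfg, "password", "change_me") == "change_me":
            findings.append(f"{name}: HA password left at the default")
        if first(cfg, "mail-data-sync", "enable") != "enable":
            findings.append(f"{name}: mail-data-sync disabled; acceptable only with mail data on NAS")
        hb = first(cfg, "heartbeat-1-interface", "")
        for fo in cfg.get("failover", []):  # tokens: <interface> <action> [<ip> <mask>]
            if fo[0] == hb and fo[1] != "ignore":
                findings.append(f"{name}: heartbeat interface {hb} has failover action {fo[1]}")
    # Each unit's heartbeat-1-peer must be the other unit's heartbeat-1-ip address.
    for me, peer in (("A", "B"), ("B", "A")):
        want = first(units[peer], "heartbeat-1-ip", "0.0.0.0")
        got = first(units[me], "heartbeat-1-peer", "0.0.0.0")
        if ip_address(got) != ip_address(want):
            findings.append(f"{me}: heartbeat-1-peer is {got} but {peer} heartbeat-1-ip is {want}")
    return findings
```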
Variable | Description | Default |
Enter the name of the interface on which you want to configure the virtual IP. |
|
|
Select whether and how to configure the IP addresses and netmasks of the primary FortiMail unit:
|
ignore-vip |
|
Specify if this interface will be used for HA heartbeat and synchronization.
This network interface must be connected directly or through a switch to the Primary heartbeat network interface of other members in the HA group. The secondary heartbeat interface is the backup heartbeat link between the units in the HA group. If the primary heartbeat link is functioning, the secondary heartbeat link is used for the HA heartbeat. If the primary heartbeat link fails, the secondary link is used for the HA heartbeat and for HA synchronization. This network interface must be connected directly or through a switch to the Secondary heartbeat network interfaces of other members in the HA group. Caution: Using the same network interface for both HA synchronization/heartbeat traffic and other network traffic could result in issues with heartbeat and synchronization during times of high traffic load, and is not recommended. Note: In general, you should isolate the network interfaces that are used for heartbeat traffic from your overall network. Heartbeat and synchronization packets contain sensitive configuration information, are latency-sensitive, and can consume considerable network bandwidth. |
|
|
Enter the IP address of the matching heartbeat network interface of the other member of the HA group. For example, if you are configuring the primary unit’s primary heartbeat network interface, enter the IP address of the secondary unit’s primary heartbeat network interface. Similarly, for the secondary heartbeat network interface, enter the IP address of the other unit’s secondary heartbeat network interface. This option appears only for active-passive HA. |
|
|
Enter the peer IPv6 address in the active-passive HA group. |
|
|
Enable to monitor a network interface for failure. If the port fails, the primary unit will trigger a failover. This option applies only if local network interface monitoring is enabled. |
|
|
Enter the virtual IP address and netmask for this interface. This option is available only if status {enable | disable} is set. |
0.0.0.0/0 |
|
Enter the virtual IPv6 address and netmask for this interface. This option is available only if status {enable | disable} is set. |
0.0.0.0/0 |
|
Enter to configure the remote SMTP service monitoring. |
|
|
Enter the time interval between service checks in seconds. |
120 |
|
Enter the timeout for remote service check in seconds. |
30 |
|
Enter the SMTP server IP address for service check. |
0.0.0.0 |
|
Enter the SMTP server port number for service check. |
25 |
|
Enter the number of attempts to try before considering the SMTP server a failure. |
3 |
|
Enable to start the remote SMTP service monitoring. |
disable |
|
Enter to configure the remote IMAP service monitoring. |
|
|
Enter the time interval between service checks in seconds. |
120 |
|
Enter the timeout for remote service check in seconds. |
30 |
|
Enter the IMAP server IP address for service check. |
0.0.0.0 |
|
Enter the IMAP server port number for service check. |
143 |
|
Enter the number of attempts to try before considering the IMAP server a failure. |
3 |
|
Enable to start the remote IMAP service monitoring. |
disable |
|
Enter to configure the remote POP service monitoring. |
|
|
Enter the time interval between service checks in seconds. |
120 |
|
Enter the timeout for remote service check in seconds. |
30 |
|
Enter the POP server IP address for service check. |
0.0.0.0 |
|
Enter the POP server port number for service check. |
110 |
|
Enter the number of attempts to try before considering the POP server a failure. |
3 |
|
Enable to start the remote POP service monitoring. |
disable |
|
Enter to configure the remote HTTP service monitoring. |
|
|
Enter the time interval between service checks in seconds. |
120 |
|
Enter the timeout for remote service check in seconds. |
30 |
|
Enter the HTTP server IP address for service check. |
0.0.0.0 |
|
Enter the HTTP server port number for service check. |
80 |
|
Enter the number of attempts to try before considering the HTTP server a failure. |
3 |
|
Enable to start the remote HTTP service monitoring. |
disable |
|
Enter to configure the local network interfaces service monitoring. |
|
|
Enter the time interval between service checks in seconds. |
120 |
|
Enter the number of attempts to try before considering the local network interface a failure. |
3 |
|
Enable to start the local network interface service monitoring. |
disable |
|
Enter to configure the local hard drives service monitoring. |
|
|
Enter the time interval between service checks in seconds. |
120 |
|
Enter the number of attempts to try before considering the hard drive a failure. |
3 |
|
Enable to start the local hard drive service monitoring. |
disable |
|
Enter the IP address of the secondary FortiMail unit. |
0.0.0.0 |
|
failover <interface_str> {add | bridge | ignore | set}<address_ipv4mask> |
Use this option to configure whether and how to configure the IP addresses and netmasks of the primary FortiMail unit. For example, a primary unit might be configured to receive email traffic through port1 and receive heartbeat and synchronization traffic through port5 and port6. In that case, you would configure the primary unit to set the IP addresses or add virtual IP addresses for port1 of the backup unit upon failover in order to mimic that of the primary unit. This option applies only for FortiMail units operating in the active-passive HA mode, as a primary unit (the configuration of this command is synchronized to the backup unit for use when it assumes the role of the primary unit). Enter the name of a network interface, such as
Network interface(s) configured as the primary heartbeat and secondary heartbeat network interface are required to maintain their IP addresses for heartbeat and synchronization purposes, and cannot be configured with the type After entering a network interface behavior, enter the IP address and netmask. If you have entered |
|
Enable to test the responsiveness of the hard drives. |
disable |
|
Enter the first of four total TCP port numbers that will be used for:
Note: For active-passive groups, in addition to or instead of configuring the heartbeat, you can configure service monitoring. |
20000 |
|
Enter the total span of time, in seconds, for which the primary unit can be unresponsive before it triggers a failover and the backup unit assumes the role of the primary unit. The heartbeat will continue to check for availability once per second. To prevent premature failover when the primary unit is simply experiencing very heavy load, configure a total threshold of three (3) seconds or more to allow the backup unit enough time to confirm unresponsiveness by sending additional heartbeat signals. This option appears only for active-passive groups. Note: If the failure detection time is too short, the backup unit may falsely detect a failure during periods of high load. Caution: If the failure detection time is too long, the primary unit could fail and the delay in detecting the failure could mean that email is delayed or lost. Decrease the failure detection time if email is delayed or lost because of an HA failover. |
15 |
|
Enter the name of the network interface that will be used for the primary heartbeat, and that is connected directly or through a switch to the primary heartbeat interface of the other FortiMail unit(s) in the HA group. |
Varies by model (the network interface with the highest number). |
|
Enter the IP address and netmask of the primary network interface, separated by a space. Use this IP address as the value of the peer IP address when configuring heartbeat-1-peer <primary-peer_ipv4> for the other FortiMail units in the HA group. |
10.0.0.1 255.255.255.0 |
|
Enter the IP address of the primary heartbeat network interface on the other FortiMail unit in the HA group. For example, if the primary heartbeat network interface on the other FortiMail unit has an IP address of 10.0.0.1, enter 10.0.0.1. |
10.0.0.2 |
|
Enter the name of the network interface to use as the secondary heartbeat network interface. It must be connected to the secondary heartbeat network interface on the other FortiMail unit in the HA group. Also configure heartbeat-2-ip <secondary-local_ipv4mask>. |
Varies by model (the network interface with the highest number).
|
|
Enter the IP address and netmask of the secondary network interface, separated by a space. Use this IP address as the value of the peer IP address when configuring heartbeat-2-peer <secondary-peer_ipv4> for the other FortiMail units in the HA group. |
0.0.0.0 0.0.0.0 |
|
Enter the IP address of the secondary heartbeat network interface on the other FortiMail unit in the HA group. For example, if the secondary heartbeat network interface on the other FortiMail unit has an IP address of 10.0.0.3, enter 10.0.0.3. |
0.0.0.0 |
|
Enter a local service to monitor. If you enter <interval_int>: Enter the amount of time in seconds between each network interface check. <retries_int>: Enter the number of times a network interface must consecutively fail to respond in order to trigger a failover. If you enter <interval_int>: Enter the amount of time in seconds between each hard drive check. <retries_int>: Enter the number of times a hard drive must consecutively fail to respond in order to trigger a failover. During local service monitoring, the primary unit in an active-passive HA group monitors its own network interfaces and hard drives. If either of these local services fails, the primary unit triggers a failover by switching its effective operating mode to "off" and no longer responding to the heartbeat of the backup unit. The backup unit then becomes the new primary unit. If service monitoring detects a failure, the effective operating mode of the primary unit switches to OFF or FAILED (depending on the "On failure" setting) and, if configured, the FortiMail units send HA event alert email, record HA event log messages, and send HA event SNMP traps. A failover then occurs, and the effective operating mode of the backup unit switches to primary. This command applies only if the FortiMail unit is operating in an active-passive HA group, as the primary unit. |
PORTS 10 3 HD 10 3 |
|
Enable to synchronize system quarantine, email archives, email users’ mailboxes (server mode only), preferences, and per-recipient quarantines. Unless the HA cluster stores its mail data on a NAS server, you should configure the HA cluster to synchronize mail directories. This option applies only for active-passive groups. |
enable |
|
Enable to synchronize the mail queue of the FortiMail unit. This option applies only for active-passive groups. Caution: If this option is disabled and the primary unit experiences a hardware failure that prevents you from restarting it, MTA spool directory data could be lost. Note: Enabling this option is not recommended. Periodic synchronization can be processor- and bandwidth-intensive. Additionally, because the content of the MTA spool directories is very dynamic, periodically synchronizing MTA spool directories between FortiMail units may not guarantee against loss of all email in those directories. Even if MTA spool directory synchronization is disabled, after a failover, a separate synchronization mechanism may successfully prevent loss of MTA spool data. |
disable |
|
mode {config-primary | config-secondary | primary | off | secondary} |
Enter one of the following HA operating modes:
Caution: For config-only HA, if the FortiMail unit is operating in server mode, you must store mail data externally, on a NAS server. Failure to store mail data externally could result in mailboxes and other data scattered over multiple FortiMail units. For details on configuring NAS, see the FortiMail Administration Guide. |
off |
Enable to test the responsiveness of network interfaces. Network interface monitoring tests all active network interfaces whose: failover <interface_str> {add | bridge | ignore | set}<address_ipv4mask>setting is not port-monitor {enable | disable} setting is |
enable |
|
Enter one of the following behaviors of the primary unit when it detects a failure.
In most cases, you should enter For details on the effects of this option on the effective operating mode, see the FortiMail Administration Guide. This option applies only if the FortiMail unit is operating in an active-passive HA group, as a primary unit. |
|
|
Enter a password for the HA group. The password must be the same on the primary and backup FortiMail unit(s). The password must be at least 1 character. |
change_me |
|
remote-service {smtp | pop | imap | http} <interface_ipv4> <port_int> <interval_int> <wait_int> <retries_int> |
Enter a remote service to monitor. Then enter the subsequent values in order:
<wait_int>: Enter the amount of time in seconds to wait for the primary unit to respond to the remote service availability test.
This option applies only if the FortiMail unit is operating in an active-passive HA group, as a backup unit. |
|
Enable to use remote service monitoring as a tertiary heartbeat signal. This option applies only for FortiMail units operating in the active-passive HA mode, and requires that you also configure remote service monitoring using. |
|
|
<wait_int> |
Enter the amount of time in seconds to wait for the primary unit to respond to the remote service availability test. The valid range is 1 to a very high number of seconds, or 0 to disable remote service monitoring. |
0 |
<retries_int> |
Enter the number of consecutive availability test failures after which the primary unit is deemed unresponsive and a failover occurs. The valid range is 1 to a very high number, or 0 to disable remote service monitoring. |
0 |
Enable to test the connection responsiveness of SMTP. |
disable |
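The failure-detection threshold and the consecutive-retries rule above are easier to reason about with a small model. The following Python is an added example, not FortiMail code: it assumes the backup counts one missed heartbeat per second against the threshold, and that service monitoring fails over only after the configured number of consecutive failed checks (with 0 disabling monitoring, as stated above). The heartbeat traces are constructed.

```python
# Simplified model of the two failure-detection paths described in the reference.
# Timing details are an assumption for illustration, not FortiMail's implementation.

def heartbeat_failover_second(heartbeats, threshold_s):
    """heartbeats[i] is True if the backup received the primary's heartbeat in second i.
    Return the second at which the backup declares the primary unresponsive
    (threshold_s consecutive missed heartbeats), or None if it never does."""
    missed = 0
    for second, received in enumerate(heartbeats):
        missed = 0 if received else missed + 1
        if missed >= threshold_s:
            return second
    return None

def service_monitor_failover(check_results, retries):
    """check_results[i] is True if the i-th service check succeeded.
    Failover requires `retries` consecutive failures; a success resets the count.
    retries == 0 disables monitoring, as the reference states for <retries_int>."""
    if retries == 0:
        return None
    consecutive = 0
    for i, ok in enumerate(check_results):
        consecutive = 0 if ok else consecutive + 1
        if consecutive >= retries:
            return i
    return None

# Constructed trace: primary stalls for 2 s under heavy load, then recovers.
LOADED_PRIMARY = [True, True, False, False, True, True, True]
# Constructed trace: primary hardware failure, heartbeat stops for good.
DEAD_PRIMARY = [True] * 3 + [False] * 20

def compare_thresholds():
    """Show why the reference recommends a threshold of 3 s or more."""
    return {
        "t2_load": heartbeat_failover_second(LOADED_PRIMARY, 2),    # 3: false failover on load
        "t15_load": heartbeat_failover_second(LOADED_PRIMARY, 15),  # None: load tolerated
        "t3_dead": heartbeat_failover_second(DEAD_PRIMARY, 3),      # 5: fast detection
        "t15_dead": heartbeat_failover_second(DEAD_PRIMARY, 15),    # 17: slow detection
    }
```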