Fortinet black logo

CLI Reference

config system ha

config system ha

Configure HA.

config system ha
    Description: Configure HA.
    set group-id {integer}
    set group-name {string}
    set mode [standalone|config-sync-only|...]
    set sync-packet-balance [enable|disable]
    set password {password}
    set key {password}
    set hbdev {user}
    set unicast-hb [enable|disable]
    set unicast-hb-peerip {ipv4-address}
    set unicast-hb-netmask {ipv4-netmask}
    set session-sync-dev {user}
    set route-ttl {integer}
    set route-wait {integer}
    set route-hold {integer}
    set multicast-ttl {integer}
    set encryption [enable|disable]
    set authentication [enable|disable]
    set hb-interval {integer}
    set hb-interval-in-milliseconds [100ms|10ms]
    set hb-lost-threshold {integer}
    set hello-holddown {integer}
    set gratuitous-arps [enable|disable]
    set arps {integer}
    set arps-interval {integer}
    set link-failed-signal [enable|disable]
    set uninterruptible-upgrade [enable|disable]
    set sequential-upgrade [enable|disable]
    set uninterruptible-primary-wait {integer}
    set primary-hold-before-reboot {integer}
    set ha-mgmt-status [enable|disable]
    config ha-mgmt-interfaces
        Description: Reserve interfaces to manage individual cluster units.
        edit <id>
            set interface {string}
            set dst {ipv4-classnet}
            set gateway {ipv4-address}
            set gateway6 {ipv6-address}
        next
    end
    set ha-uptime-diff-margin {integer}
    set unicast-status [enable|disable]
    set unicast-gateway {ipv4-address}
    config unicast-peers
        Description: Number of unicast peers.
        edit <id>
            set peer-ip {ipv4-address}
        next
    end
    set logical-sn [enable|disable]
    set vcluster-id {integer}
    set override [enable|disable]
    set priority {integer}
    set override-wait-time {integer}
    set weight {user}
    set cpu-threshold {user}
    set memory-threshold {user}
    set http-proxy-threshold {user}
    set ftp-proxy-threshold {user}
    set imap-proxy-threshold {user}
    set nntp-proxy-threshold {user}
    set pop3-proxy-threshold {user}
    set smtp-proxy-threshold {user}
    set monitor {user}
    set pingserver-monitor-interface {user}
    set pingserver-failover-threshold {integer}
    set pingserver-secondary-force-reset [enable|disable]
    set pingserver-flip-timeout {integer}
    set vdom {user}
    set vcluster2 [enable|disable]
    config secondary-vcluster
        Description: Configure virtual cluster 2.
        set vcluster-id {integer}
        set override [enable|disable]
        set priority {integer}
        set override-wait-time {integer}
        set monitor {user}
        set pingserver-monitor-interface {user}
        set pingserver-failover-threshold {integer}
        set pingserver-secondary-force-reset [enable|disable]
        set vdom {user}
    end
    set ha-direct [enable|disable]
    set ssd-failover [enable|disable]
    set memory-compatible-mode [enable|disable]
    set memory-based-failover [enable|disable]
    set memory-failover-threshold {integer}
    set memory-failover-monitor-period {integer}
    set memory-failover-sample-rate {integer}
    set memory-failover-flip-timeout {integer}
    set failover-hold-time {integer}
end

config system ha

Parameter

Description

Type

Size

Default

group-id

HA group ID . Must be the same for all members.

integer

Minimum value: 0 Maximum value: 1023

0

group-name

Cluster group name. Must be the same for all members.

string

Maximum length: 32

mode

HA mode. Must be the same for all members. FGSP requires standalone.

option

-

standalone

Option

Description

standalone

Disable HA feature.

config-sync-only

Enable Config sync only

active-passive

Enable Active-passive mode.

sync-packet-balance

Enable/disable HA packet distribution to multiple CPUs.

option

-

disable

Option

Description

enable

Enable HA packet distribution to multiple CPUs.

disable

Disable HA packet distribution to multiple CPUs.

password

Cluster password. Must be the same for all members.

password

Not Specified

key

Key.

password

Not Specified

hbdev

Heartbeat interfaces. Must be the same for all members.

user

Not Specified

unicast-hb

Enable/disable unicast heartbeat.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

unicast-hb-peerip

Unicast heartbeat peer IP.

ipv4-address

Not Specified

0.0.0.0

unicast-hb-netmask

Unicast heartbeat netmask.

ipv4-netmask

Not Specified

0.0.0.0

session-sync-dev

Offload session-sync process to kernel and sync sessions using connected interface(s) directly.

user

Not Specified

route-ttl

TTL for primary unit routes. Increase to maintain active routes during failover.

integer

Minimum value: 5 Maximum value: 3600

10

route-wait

Time to wait before sending new routes to the cluster.

integer

Minimum value: 0 Maximum value: 3600

0

route-hold

Time to wait between routing table updates to the cluster.

integer

Minimum value: 0 Maximum value: 3600

10

multicast-ttl

HA multicast TTL on primary.

integer

Minimum value: 5 Maximum value: 3600

600

encryption

Enable/disable heartbeat message encryption.

option

-

disable

Option

Description

enable

Enable heartbeat message encryption.

disable

Disable heartbeat message encryption.

authentication

Enable/disable heartbeat message authentication.

option

-

disable

Option

Description

enable

Enable heartbeat message authentication.

disable

Disable heartbeat message authentication.

hb-interval

Time between sending heartbeat packets. Increase to reduce false positives.

integer

Minimum value: 1 Maximum value: 20

2

hb-interval-in-milliseconds

Number of milliseconds for each heartbeat interval: 100ms or 10ms.

option

-

100ms

Option

Description

100ms

Each heartbeat interval is 100ms.

10ms

Each heartbeat interval is 10ms.

hb-lost-threshold

Number of lost heartbeats to signal a failure. Increase to reduce false positives.

integer

Minimum value: 1 Maximum value: 60

20

hello-holddown

Time to wait before changing from hello to work state.

integer

Minimum value: 5 Maximum value: 300

20

gratuitous-arps

Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled.

option

-

enable

Option

Description

enable

Enable gratuitous ARPs.

disable

Disable gratuitous ARPs.

arps

Number of gratuitous ARPs. Lower to reduce traffic. Higher to reduce failover time.

integer

Minimum value: 1 Maximum value: 60

5

arps-interval

Time between gratuitous ARPs . Lower to reduce failover time. Higher to reduce traffic.

integer

Minimum value: 1 Maximum value: 20

8

link-failed-signal

Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

uninterruptible-upgrade

Enable to upgrade a cluster without blocking network traffic.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

sequential-upgrade

Enable to upgrade secondaries one by one.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

uninterruptible-primary-wait

Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade.

integer

Minimum value: 15 Maximum value: 300

30

primary-hold-before-reboot

Number of seconds the primary HA unit waits after the secondary HA unit upgraded and joined back HA then starts its own upgrade.

integer

Minimum value: 0 Maximum value: 600

0

ha-mgmt-status

Enable to reserve interfaces to manage individual cluster units.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ha-uptime-diff-margin

Normally you would only reduce this value for failover testing.

integer

Minimum value: 1 Maximum value: 65535

300

unicast-status

Enable/disable unicast connection.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

unicast-gateway

Default route gateway for unicast interface.

ipv4-address

Not Specified

0.0.0.0

logical-sn

Enable/disable usage of the logical serial number.

option

-

disable

Option

Description

enable

Enable usage of the logical serial number.

disable

Disable usage of the logical serial number.

vcluster-id

Cluster ID.

integer

Minimum value: 0 Maximum value: 255

0

override

Enable and increase the priority of the unit that should always be primary.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

priority

Increase the priority to select the primary unit.

integer

Minimum value: 0 Maximum value: 255

128

override-wait-time

Delay negotiating if override is enabled. Reduces how often the cluster negotiates.

integer

Minimum value: 0 Maximum value: 3600

0

weight

Weighted round robin weight for each cluster unit. Syntax <priority> <weight>.

user

Not Specified

0 40

cpu-threshold

Dynamic weighted load balancing CPU usage weight and high and low thresholds.

user

Not Specified

memory-threshold

Dynamic weighted load balancing memory usage weight and high and low thresholds.

user

Not Specified

http-proxy-threshold

Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions.

user

Not Specified

ftp-proxy-threshold

Dynamic weighted load balancing weight and high and low number of FTP proxy sessions.

user

Not Specified

imap-proxy-threshold

Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions.

user

Not Specified

nntp-proxy-threshold

Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions.

user

Not Specified

pop3-proxy-threshold

Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions.

user

Not Specified

smtp-proxy-threshold

Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions.

user

Not Specified

monitor

Interfaces to check for port monitoring (or link failure).

user

Not Specified

pingserver-monitor-interface

Interfaces to check for remote IP monitoring.

user

Not Specified

pingserver-failover-threshold

Remote IP monitoring failover threshold.

integer

Minimum value: 0 Maximum value: 50

0

pingserver-secondary-force-reset

Enable to force the cluster to negotiate after a remote IP monitoring failover.

option

-

enable

Option

Description

enable

Enable force reset of secondary after PING server failure.

disable

Disable force reset of secondary after PING server failure.

pingserver-flip-timeout

Time to wait in minutes before renegotiating after a remote IP monitoring failover.

integer

Minimum value: 6 Maximum value: 2147483647

60

vdom

VDOMs in virtual cluster 1.

user

Not Specified

vcluster2

Enable/disable virtual cluster 2 for virtual clustering.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ha-direct

Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox.

option

-

disable

Option

Description

enable

Enable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox.

disable

Disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox.

ssd-failover

Enable/disable automatic HA failover on SSD disk failure.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

memory-compatible-mode

Enable/disable memory compatible mode.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

memory-based-failover

Enable/disable memory based failover.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

memory-failover-threshold

Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global).

integer

Minimum value: 0 Maximum value: 95

0

memory-failover-monitor-period

Duration of high memory usage before memory based failover is triggered in seconds.

integer

Minimum value: 1 Maximum value: 300

60

memory-failover-sample-rate

Rate at which memory usage is sampled in order to measure memory usage in seconds.

integer

Minimum value: 1 Maximum value: 60

1

memory-failover-flip-timeout

Time to wait between subsequent memory based failovers in minutes.

integer

Minimum value: 6 Maximum value: 2147483647

6

failover-hold-time

Time to wait before failover , to avoid flip.

integer

Minimum value: 0 Maximum value: 300

0

config ha-mgmt-interfaces

Parameter

Description

Type

Size

Default

id

Table ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

interface

Interface to reserve for HA management.

string

Maximum length: 15

dst

Default route destination for reserved HA management interface.

ipv4-classnet

Not Specified

0.0.0.0 0.0.0.0

gateway

Default route gateway for reserved HA management interface.

ipv4-address

Not Specified

0.0.0.0

gateway6

Default IPv6 gateway for reserved HA management interface.

ipv6-address

Not Specified

::

config unicast-peers

Parameter

Description

Type

Size

Default

id

Table ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

peer-ip

Unicast peer IP.

ipv4-address

Not Specified

0.0.0.0

config secondary-vcluster

Parameter

Description

Type

Size

Default

vcluster-id

Cluster ID.

integer

Minimum value: 0 Maximum value: 255

1

override

Enable and increase the priority of the unit that should always be primary.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

priority

Increase the priority to select the primary unit.

integer

Minimum value: 0 Maximum value: 255

128

override-wait-time

Delay negotiating if override is enabled. Reduces how often the cluster negotiates.

integer

Minimum value: 0 Maximum value: 3600

0

monitor

Interfaces to check for port monitoring (or link failure).

user

Not Specified

pingserver-monitor-interface

Interfaces to check for remote IP monitoring.

user

Not Specified

pingserver-failover-threshold

Remote IP monitoring failover threshold.

integer

Minimum value: 0 Maximum value: 50

0

pingserver-secondary-force-reset

Enable to force the cluster to negotiate after a remote IP monitoring failover.

option

-

enable

Option

Description

enable

Enable force reset of secondary after PING server failure.

disable

Disable force reset of secondary after PING server failure.

vdom

VDOMs in virtual cluster 2.

user

Not Specified

config system ha

Configure HA.

config system ha
    Description: Configure HA.
    set group-id {integer}
    set group-name {string}
    set mode [standalone|config-sync-only|...]
    set sync-packet-balance [enable|disable]
    set password {password}
    set key {password}
    set hbdev {user}
    set unicast-hb [enable|disable]
    set unicast-hb-peerip {ipv4-address}
    set unicast-hb-netmask {ipv4-netmask}
    set session-sync-dev {user}
    set route-ttl {integer}
    set route-wait {integer}
    set route-hold {integer}
    set multicast-ttl {integer}
    set encryption [enable|disable]
    set authentication [enable|disable]
    set hb-interval {integer}
    set hb-interval-in-milliseconds [100ms|10ms]
    set hb-lost-threshold {integer}
    set hello-holddown {integer}
    set gratuitous-arps [enable|disable]
    set arps {integer}
    set arps-interval {integer}
    set link-failed-signal [enable|disable]
    set uninterruptible-upgrade [enable|disable]
    set sequential-upgrade [enable|disable]
    set uninterruptible-primary-wait {integer}
    set primary-hold-before-reboot {integer}
    set ha-mgmt-status [enable|disable]
    config ha-mgmt-interfaces
        Description: Reserve interfaces to manage individual cluster units.
        edit <id>
            set interface {string}
            set dst {ipv4-classnet}
            set gateway {ipv4-address}
            set gateway6 {ipv6-address}
        next
    end
    set ha-uptime-diff-margin {integer}
    set unicast-status [enable|disable]
    set unicast-gateway {ipv4-address}
    config unicast-peers
        Description: Number of unicast peers.
        edit <id>
            set peer-ip {ipv4-address}
        next
    end
    set logical-sn [enable|disable]
    set vcluster-id {integer}
    set override [enable|disable]
    set priority {integer}
    set override-wait-time {integer}
    set weight {user}
    set cpu-threshold {user}
    set memory-threshold {user}
    set http-proxy-threshold {user}
    set ftp-proxy-threshold {user}
    set imap-proxy-threshold {user}
    set nntp-proxy-threshold {user}
    set pop3-proxy-threshold {user}
    set smtp-proxy-threshold {user}
    set monitor {user}
    set pingserver-monitor-interface {user}
    set pingserver-failover-threshold {integer}
    set pingserver-secondary-force-reset [enable|disable]
    set pingserver-flip-timeout {integer}
    set vdom {user}
    set vcluster2 [enable|disable]
    config secondary-vcluster
        Description: Configure virtual cluster 2.
        set vcluster-id {integer}
        set override [enable|disable]
        set priority {integer}
        set override-wait-time {integer}
        set monitor {user}
        set pingserver-monitor-interface {user}
        set pingserver-failover-threshold {integer}
        set pingserver-secondary-force-reset [enable|disable]
        set vdom {user}
    end
    set ha-direct [enable|disable]
    set ssd-failover [enable|disable]
    set memory-compatible-mode [enable|disable]
    set memory-based-failover [enable|disable]
    set memory-failover-threshold {integer}
    set memory-failover-monitor-period {integer}
    set memory-failover-sample-rate {integer}
    set memory-failover-flip-timeout {integer}
    set failover-hold-time {integer}
end

config system ha

Parameter

Description

Type

Size

Default

group-id

HA group ID . Must be the same for all members.

integer

Minimum value: 0 Maximum value: 1023

0

group-name

Cluster group name. Must be the same for all members.

string

Maximum length: 32

mode

HA mode. Must be the same for all members. FGSP requires standalone.

option

-

standalone

Option

Description

standalone

Disable HA feature.

config-sync-only

Enable Config sync only

active-passive

Enable Active-passive mode.

sync-packet-balance

Enable/disable HA packet distribution to multiple CPUs.

option

-

disable

Option

Description

enable

Enable HA packet distribution to multiple CPUs.

disable

Disable HA packet distribution to multiple CPUs.

password

Cluster password. Must be the same for all members.

password

Not Specified

key

Key.

password

Not Specified

hbdev

Heartbeat interfaces. Must be the same for all members.

user

Not Specified

unicast-hb

Enable/disable unicast heartbeat.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

unicast-hb-peerip

Unicast heartbeat peer IP.

ipv4-address

Not Specified

0.0.0.0

unicast-hb-netmask

Unicast heartbeat netmask.

ipv4-netmask

Not Specified

0.0.0.0

session-sync-dev

Offload session-sync process to kernel and sync sessions using connected interface(s) directly.

user

Not Specified

route-ttl

TTL for primary unit routes. Increase to maintain active routes during failover.

integer

Minimum value: 5 Maximum value: 3600

10

route-wait

Time to wait before sending new routes to the cluster.

integer

Minimum value: 0 Maximum value: 3600

0

route-hold

Time to wait between routing table updates to the cluster.

integer

Minimum value: 0 Maximum value: 3600

10

multicast-ttl

HA multicast TTL on primary.

integer

Minimum value: 5 Maximum value: 3600

600

encryption

Enable/disable heartbeat message encryption.

option

-

disable

Option

Description

enable

Enable heartbeat message encryption.

disable

Disable heartbeat message encryption.

authentication

Enable/disable heartbeat message authentication.

option

-

disable

Option

Description

enable

Enable heartbeat message authentication.

disable

Disable heartbeat message authentication.

hb-interval

Time between sending heartbeat packets. Increase to reduce false positives.

integer

Minimum value: 1 Maximum value: 20

2

hb-interval-in-milliseconds

Number of milliseconds for each heartbeat interval: 100ms or 10ms.

option

-

100ms

Option

Description

100ms

Each heartbeat interval is 100ms.

10ms

Each heartbeat interval is 10ms.

hb-lost-threshold

Number of lost heartbeats to signal a failure. Increase to reduce false positives.

integer

Minimum value: 1 Maximum value: 60

20

hello-holddown

Time to wait before changing from hello to work state.

integer

Minimum value: 5 Maximum value: 300

20

gratuitous-arps

Enable/disable gratuitous ARPs. Disable if link-failed-signal enabled.

option

-

enable

Option

Description

enable

Enable gratuitous ARPs.

disable

Disable gratuitous ARPs.

arps

Number of gratuitous ARPs. Lower to reduce traffic. Higher to reduce failover time.

integer

Minimum value: 1 Maximum value: 60

5

arps-interval

Time between gratuitous ARPs . Lower to reduce failover time. Higher to reduce traffic.

integer

Minimum value: 1 Maximum value: 20

8

link-failed-signal

Enable to shut down all interfaces for 1 sec after a failover. Use if gratuitous ARPs do not update network.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

uninterruptible-upgrade

Enable to upgrade a cluster without blocking network traffic.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

sequential-upgrade

Enable to upgrade secondaries one by one.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

uninterruptible-primary-wait

Number of minutes the primary HA unit waits before the secondary HA unit is considered upgraded and the system is started before starting its own upgrade.

integer

Minimum value: 15 Maximum value: 300

30

primary-hold-before-reboot

Number of seconds the primary HA unit waits after the secondary HA unit upgraded and joined back HA then starts its own upgrade.

integer

Minimum value: 0 Maximum value: 600

0

ha-mgmt-status

Enable to reserve interfaces to manage individual cluster units.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ha-uptime-diff-margin

Normally you would only reduce this value for failover testing.

integer

Minimum value: 1 Maximum value: 65535

300

unicast-status

Enable/disable unicast connection.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

unicast-gateway

Default route gateway for unicast interface.

ipv4-address

Not Specified

0.0.0.0

logical-sn

Enable/disable usage of the logical serial number.

option

-

disable

Option

Description

enable

Enable usage of the logical serial number.

disable

Disable usage of the logical serial number.

vcluster-id

Cluster ID.

integer

Minimum value: 0 Maximum value: 255

0

override

Enable and increase the priority of the unit that should always be primary.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

priority

Increase the priority to select the primary unit.

integer

Minimum value: 0 Maximum value: 255

128

override-wait-time

Delay negotiating if override is enabled. Reduces how often the cluster negotiates.

integer

Minimum value: 0 Maximum value: 3600

0

weight

Weighted round robin weight for each cluster unit. Syntax <priority> <weight>.

user

Not Specified

0 40

cpu-threshold

Dynamic weighted load balancing CPU usage weight and high and low thresholds.

user

Not Specified

memory-threshold

Dynamic weighted load balancing memory usage weight and high and low thresholds.

user

Not Specified

http-proxy-threshold

Dynamic weighted load balancing weight and high and low number of HTTP proxy sessions.

user

Not Specified

ftp-proxy-threshold

Dynamic weighted load balancing weight and high and low number of FTP proxy sessions.

user

Not Specified

imap-proxy-threshold

Dynamic weighted load balancing weight and high and low number of IMAP proxy sessions.

user

Not Specified

nntp-proxy-threshold

Dynamic weighted load balancing weight and high and low number of NNTP proxy sessions.

user

Not Specified

pop3-proxy-threshold

Dynamic weighted load balancing weight and high and low number of POP3 proxy sessions.

user

Not Specified

smtp-proxy-threshold

Dynamic weighted load balancing weight and high and low number of SMTP proxy sessions.

user

Not Specified

monitor

Interfaces to check for port monitoring (or link failure).

user

Not Specified

pingserver-monitor-interface

Interfaces to check for remote IP monitoring.

user

Not Specified

pingserver-failover-threshold

Remote IP monitoring failover threshold.

integer

Minimum value: 0 Maximum value: 50

0

pingserver-secondary-force-reset

Enable to force the cluster to negotiate after a remote IP monitoring failover.

option

-

enable

Option

Description

enable

Enable force reset of secondary after PING server failure.

disable

Disable force reset of secondary after PING server failure.

pingserver-flip-timeout

Time to wait in minutes before renegotiating after a remote IP monitoring failover.

integer

Minimum value: 6 Maximum value: 2147483647

60

vdom

VDOMs in virtual cluster 1.

user

Not Specified

vcluster2

Enable/disable virtual cluster 2 for virtual clustering.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

ha-direct

Enable/disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox.

option

-

disable

Option

Description

enable

Enable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox.

disable

Disable using ha-mgmt interface for syslog, SNMP, remote authentication (RADIUS), FortiAnalyzer, FortiSandbox.

ssd-failover

Enable/disable automatic HA failover on SSD disk failure.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

memory-compatible-mode

Enable/disable memory compatible mode.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

memory-based-failover

Enable/disable memory based failover.

option

-

disable

Option

Description

enable

Enable setting.

disable

Disable setting.

memory-failover-threshold

Memory usage threshold to trigger memory based failover (0 means using conserve mode threshold in system.global).

integer

Minimum value: 0 Maximum value: 95

0

memory-failover-monitor-period

Duration of high memory usage before memory based failover is triggered in seconds.

integer

Minimum value: 1 Maximum value: 300

60

memory-failover-sample-rate

Rate at which memory usage is sampled in order to measure memory usage in seconds.

integer

Minimum value: 1 Maximum value: 60

1

memory-failover-flip-timeout

Time to wait between subsequent memory based failovers in minutes.

integer

Minimum value: 6 Maximum value: 2147483647

6

failover-hold-time

Time to wait before failover , to avoid flip.

integer

Minimum value: 0 Maximum value: 300

0

config ha-mgmt-interfaces

Parameter

Description

Type

Size

Default

id

Table ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

interface

Interface to reserve for HA management.

string

Maximum length: 15

dst

Default route destination for reserved HA management interface.

ipv4-classnet

Not Specified

0.0.0.0 0.0.0.0

gateway

Default route gateway for reserved HA management interface.

ipv4-address

Not Specified

0.0.0.0

gateway6

Default IPv6 gateway for reserved HA management interface.

ipv6-address

Not Specified

::

config unicast-peers

Parameter

Description

Type

Size

Default

id

Table ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

peer-ip

Unicast peer IP.

ipv4-address

Not Specified

0.0.0.0

config secondary-vcluster

Parameter

Description

Type

Size

Default

vcluster-id

Cluster ID.

integer

Minimum value: 0 Maximum value: 255

1

override

Enable and increase the priority of the unit that should always be primary.

option

-

enable

Option

Description

enable

Enable setting.

disable

Disable setting.

priority

Increase the priority to select the primary unit.

integer

Minimum value: 0 Maximum value: 255

128

override-wait-time

Delay negotiating if override is enabled. Reduces how often the cluster negotiates.

integer

Minimum value: 0 Maximum value: 3600

0

monitor

Interfaces to check for port monitoring (or link failure).

user

Not Specified

pingserver-monitor-interface

Interfaces to check for remote IP monitoring.

user

Not Specified

pingserver-failover-threshold

Remote IP monitoring failover threshold.

integer

Minimum value: 0 Maximum value: 50

0

pingserver-secondary-force-reset

Enable to force the cluster to negotiate after a remote IP monitoring failover.

option

-

enable

Option

Description

enable

Enable force reset of secondary after PING server failure.

disable

Disable force reset of secondary after PING server failure.

vdom

VDOMs in virtual cluster 2.

user

Not Specified