You can configure a cluster level failover IP for each port except port3 and any ports the sniffer is sniffing. This IP set works as an alias IP of the primary node network port. The primary node local IP set and secondary node Local IP set are kept locally during failover.
This failover IP set should be set on the current primary node through the CLI command
hc-settings. It should be in the same subnet of each port’s local IP. Client devices such as FortiGate should point to this failover IP. When a failover occurs, this failover IP set will be applied on the new primary node.