Configuring high availability on FortiVoice units
Perform this procedure on both the primary (master) FortiVoice unit and secondary (slave) FortiVoice unit.
- Go to System > High Availability > Configuration.
- In HA configuration, configure the following settings:
- Set Mode of operation.
If the FortiVoice unit is the primary unit, set the Mode of operation to Master.
If the FortiVoice unit is the secondary unit, set the Mode of operation to Slave.
- Set the On failure behavior to one of the following choices:
- Switch Off: As part of the HA group, the failed unit will not become a master again until you manually restore the configured operating mode on the Status tab.
- Wait for Recovery then Restore Original Role: After the unit recovers from failure, it will go back to its programmed Mode of operation. For example, if unit 1 (master) encounters a failure and unit 2 (slave) effectively becomes the master, then when unit 1 recovers from failure, unit 1 will be restored as the master and unit 2 will return to operating as the slave unit.
- Wait for Recovery then Restore Slave Role: After the unit recovers from failure, this unit will operate in slave mode. For example, if unit 1 (master) encounters a failure and unit 2 (slave) effectively becomes the master, then when unit 1 recovers from failure, it will then assume the slave mode and unit 2 will continue to operate in master mode.
- Set Shared password. Make sure to use the same password for both master and slave units.
Example of HA Configuration settings for primary (master) unit
- Set Mode of operation.
- In Advanced Options, configure the following port and heartbeat settings:
- The HA base port is used for the heartbeat signal as well as data and configuration synchronization. The default and recommended port is 20000.
- The Heartbeat lost threshold setting is the amount of time that must pass with no heartbeat link between the master and slave units before the system triggers a failover. The heartbeat signal is sent once per second to ensure that the unit is responding. In order to prevent a premature failover due to the system being under a heavy load, it is recommended to set this setting at 3 seconds or higher.
- As an added fail-safe, you can enable Remote services as heartbeat. After you enable this setting, you can configure the HTTP and SIP UDP settings in the Service Monitor section to act as an additional HA heartbeat (details are included in Configuring service-based failover). If both primary and secondary heartbeat links fail but the remote service detects that the master is still available, no failover will occur. Note that this feature is only an additional heartbeat and does not provide any synchronization of files from master to slave units. Therefore, Fortinet does not recommend relying on remote services alone. Configure at least one HA heartbeat on an interface port.
- With Call recording sync, you enable or disable the synchronization of recorded calls from the master to the slave units. This setting is optional because there can be many recorded calls on the system that can take up quite a bit of memory. Copying these files during synchronization can take a long time and use up network bandwidth.
- Survivability service interface is planned to be functional in a future release.
- Click Apply.
Example of Advanced Options settings
- In Interface, you configure the port behavior. When setting up the ports, make sure that you mirror the master unit settings on the slave unit, except for the Peer IP address and Peer IPv6 address settings.
Make sure to apply the following settings:
- Set port 1 with the secondary heartbeat status.
- Set port 2 (or 3 or 4) with the primary heartbeat status.
Select a port and click Edit.
- Enable port monitor: When you enable this setting, the unit performs an internal port check to make sure that this port is responsive. If the port becomes unresponsive, the system triggers a failover. This setting has its timing intervals configured by using the Service monitor, Interface monitor section which you can set later in Configuring service-based failover.
Heartbeat status: Configure the heartbeat link and system synchronization. The following three choices are available:
- Disable: There is no heartbeat link or synchronization on this port.
- Primary: Make sure to set port 2 (or 3 or 4) as primary. This port provides a heartbeat link and system synchronization from the master to the slave.
- Secondary: Make sure to set port 1 as secondary. A secondary heartbeat link is used as a backup in case the primary one fails. A failover does not occur unless both primary and secondary heartbeat links are down.
- Peer IP address and Peer IPv6 address: Specify the IP address of the port at the opposite side for the heartbeat link to communicate on. For example, if you are configuring the master unit, then enter the IP address for port 2 of the slave unit here. If you are configuring the slave unit, then enter the IP address of port 2 of the master unit here.
- Virtual IP action: When configuring the virtual IP address, set the Virtual IP action to Use.
- Virtual IP address and IPv6 address: Make sure that the master and slave units share the same virtual IP address on each port. Also, make sure that all port forwarding for voice traffic on your router is forwarded to the virtual IP address.
- Click OK.
Example of Interface settings
- Service Monitor offers another way of detecting whether or not there is a system failure. For configuration details, see Configuring service-based failover.
- When you have completed the configuration on both FortiVoice units in the HA group, go to Synchronizing configuration and data in a FortiVoice HA group.