FortiVoice Cookbook

Configuring high availability on FortiVoice units

Perform this procedure on both primary and secondary FortiVoice units.

  1. Go to System > High Availability > Configuration.
  2. In HA configuration, configure the following settings:
    1. Set Mode of operation.

      If the FortiVoice unit is the primary unit, set the Mode of operation to Master.

      If the FortiVoice unit is the secondary unit, set the Mode of operation to Slave.

    2. Set the On failure behavior to one of the following choices:
      1. Switch Off: As part of the HA group, the failed unit will not become a primary unit again until you manually restore the configured operating mode on the Status tab.
      2. Wait for Recovery then Restore Original Role: After the unit recovers from failure, it will go back to its programmed Mode of operation. For example, if unit 1 (primary) encounters a failure and unit 2 (secondary) effectively becomes the primary, then when unit 1 recovers from failure, unit 1 will be restored as the primary and unit 2 will return to operating as the secondary unit.
      3. Wait for Recovery then Restore Slave Role: After the unit recovers from failure, this unit will operate in secondary mode. For example, if unit 1 (primary) encounters a failure and unit 2 (secondary) effectively becomes the primary, then when unit 1 recovers from failure, it will then assume the secondary mode and unit 2 will continue to operate in primary mode.
    3. Set Shared password. Make sure to use the same password for both primary and secondary units.

      Example of HA Configuration settings for primary unit

  3. In Advanced Options, configure the following port and heartbeat settings:
    1. The HA base port is used for the heartbeat signal as well as data and configuration synchronization. The default and recommended port is 20000.
    2. The Heartbeat lost threshold setting is the amount of time that must pass with no heartbeat link between the primary and secondary units before the system triggers a failover. The heartbeat signal is sent once per second to ensure that the unit is responding. To prevent a premature failover when the system is under a heavy load, set this value to 3 seconds or higher.
    3. As an added fail-safe, you can enable Remote services as heartbeat. After you enable this setting, you can configure the HTTP and SIP UDP settings in the Service Monitor section to act as an additional HA heartbeat (details are included in Configuring service-based failover). If both primary and secondary heartbeat links fail but the remote service detects that the primary unit is still available, no failover will occur. Note that this feature is only an additional heartbeat and does not provide any synchronization of files from primary to secondary units. Therefore, Fortinet does not recommend relying on remote services alone. Configure at least one HA heartbeat on an interface port.
    4. With Call recording sync, you enable or disable the synchronization of recorded calls from the primary to the secondary units. This setting is optional because there can be many recorded calls on the system that can take up quite a bit of memory. Copying these files during synchronization can take a long time and use up network bandwidth.
    5. Click Apply.
  4. In Interface, you configure the port behavior. When setting up the ports, make sure that you mirror the primary unit settings on the secondary unit, except for the Peer IP address and Peer IPv6 address settings.
    Note

    Make sure to apply the following settings:

    • Set port 1 with the secondary heartbeat status.
    • Set port 2 (or 3 or 4) with the primary heartbeat status.

    Select a port and click Edit.

    1. Enable port monitor: When you enable this setting, the unit performs an internal port check to make sure that this port is responsive. If the port becomes unresponsive, the system triggers a failover. The timing intervals for this check are configured in the Service monitor, Interface monitor section, which you can set later in Configuring service-based failover.
    2. Heartbeat status: Configure the heartbeat link and system synchronization. The following three choices are available:
      1. Disable: There is no heartbeat link or synchronization on this port.
      2. Primary: Make sure to set port 2 (or 3 or 4) as primary. This port provides a heartbeat link and system synchronization from the primary to the secondary.
      3. Secondary: Make sure to set port 1 as secondary. A secondary heartbeat link is used as a backup in case the primary one fails. A failover does not occur unless both primary and secondary heartbeat links are down.
    3. Peer IP address and Peer IPv6 address: Specify the IP address of the port at the opposite side for the heartbeat link to communicate on. For example, if you are configuring the primary unit, then enter the IP address for port 2 of the secondary unit here. If you are configuring the secondary unit, then enter the IP address of port 2 of the primary unit here.
    4. Virtual IP action: When configuring the virtual IP address, set the Virtual IP action to Use.
    5. Virtual IP address and IPv6 address: Make sure that the primary and secondary units share the same virtual IP address on each port. Also, make sure that all port forwarding for voice traffic on your router is forwarded to the virtual IP address.
    6. Click OK.

    Example of Interface settings

  5. Service Monitor offers another way of detecting whether or not there is a system failure. For configuration details, see Configuring service-based failover.
  6. When you have completed the configuration on both FortiVoice units in the HA group, go to Synchronizing configuration and data in a FortiVoice HA group.
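
Before synchronizing, the settings from this procedure can be checked for consistency across the two units. The following is an added example, not Fortinet code: the dictionary keys, the `audit_ha_pair` and `make_unit` names, and all sample values are hypothetical, and the settings are assumed to be transcribed by hand from each unit's HA configuration pages.

```python
import copy

def audit_ha_pair(primary, secondary):
    """Return findings; an empty list means the pair follows the procedure."""
    findings = []
    if (primary["mode"], secondary["mode"]) != ("Master", "Slave"):
        findings.append("mode: expected Master on primary, Slave on secondary")
    if primary["shared_password"] != secondary["shared_password"]:
        findings.append("shared password differs between units")
    for name, unit, peer in (("primary", primary, secondary),
                             ("secondary", secondary, primary)):
        if unit["base_port"] != 20000:
            findings.append(f"{name}: HA base port is not the recommended 20000")
        if unit["heartbeat_lost_threshold"] < 3:
            findings.append(f"{name}: heartbeat lost threshold below 3 seconds")
        ports = unit["ports"]
        if ports.get("port1", {}).get("heartbeat") != "Secondary":
            findings.append(f"{name}: port1 is not the secondary heartbeat")
        if not any(ports.get(p, {}).get("heartbeat") == "Primary"
                   for p in ("port2", "port3", "port4")):
            findings.append(f"{name}: no primary heartbeat on port 2, 3 or 4")
        for pname, port in ports.items():
            other = peer["ports"].get(pname, {})
            # Peer IP must be the address of the same port on the opposite unit.
            if port["heartbeat"] != "Disable" and port["peer_ip"] != other.get("ip"):
                findings.append(f"{name}: {pname} peer IP does not match the other unit")
            # Both units must share the same virtual IP on each port.
            if port["virtual_ip"] != other.get("virtual_ip"):
                findings.append(f"{name}: {pname} virtual IP differs between units")
    return findings

def make_unit(mode, ip1, peer1, ip2, peer2):
    """Constructed sample unit; keys are hypothetical, addresses are RFC 5737."""
    return {"mode": mode, "shared_password": "constructed-example",
            "base_port": 20000, "heartbeat_lost_threshold": 3,
            "ports": {
                "port1": {"heartbeat": "Secondary", "ip": ip1, "peer_ip": peer1,
                          "virtual_ip": "192.0.2.10"},
                "port2": {"heartbeat": "Primary", "ip": ip2, "peer_ip": peer2,
                          "virtual_ip": "198.51.100.10"}}}

PRIMARY = make_unit("Master", "192.0.2.1", "192.0.2.2", "198.51.100.1", "198.51.100.2")
SECONDARY = make_unit("Slave", "192.0.2.2", "192.0.2.1", "198.51.100.2", "198.51.100.1")
BROKEN = copy.deepcopy(SECONDARY)        # constructed misconfiguration
BROKEN["heartbeat_lost_threshold"] = 1   # below the recommended minimum
BROKEN["ports"]["port2"]["peer_ip"] = "198.51.100.2"  # points at itself
if __name__ == "__main__":
    print("\n".join(audit_ha_pair(PRIMARY, BROKEN)))
```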
