Improving fault tolerance
To enhance availability, set up two FortiWeb appliances to act as an active-passive high availability (HA) pair. If your main FortiWeb appliance fails, the standby FortiWeb appliance can continue processing web traffic with only a minor interruption. For details, see Configuring a high availability (HA) FortiWeb cluster.
Keep these points in mind when setting up an HA pair:
-
Isolate HA interface connections from your overall network.
Heartbeat and synchronization packets contain sensitive configuration information and can consume considerable network bandwidth. For best results, directly connect the two HA interfaces using a crossover cable. If your system uses switches instead of crossover cables to connect the HA heartbeat interfaces, those interfaces must be reachable by Layer 2 multicas
-
When configuring an HA pair, pay close attention to the options arps <arp_int> and arp-interval <seconds_int>.
FortiWeb broadcasts ARP/NS packets to the network to ensure timely failover. Delayed broadcast intervals can slow performance. Set the value of arps <arp_int> no higher than needed.
When FortiWeb broadcasts ARP/NS packets, it does so at regular intervals. For performance reasons, set the value for arp-interval <seconds_int> no greater than required.
Some experimentation may be needed to set these options at their optimum value. For details, see Configuring a high availability (HA) FortiWeb cluster.
Alerting the SNMP manager when HA switches the primary appliance
Use SNMP to generate a message if the HA heartbeat fails.
Configure an SNMP community and enable the HA heartbeat failed option. For details, see Configuring an SNMP community.