Administration Guide

Improving fault tolerance

To enhance availability, set up two FortiWeb appliances to act as an active-passive high availability (HA) pair. If your main FortiWeb appliance fails, the standby FortiWeb appliance can continue processing web traffic with only a minor interruption. For details, see FortiWeb high availability (HA).

Keep these points in mind when setting up an HA pair:

  • Isolate HA interface connections from your overall network.

    Heartbeat and synchronization packets contain sensitive configuration information and can consume considerable network bandwidth. For best results, directly connect the two HA interfaces using a crossover cable. If your system uses switches instead of crossover cables to connect the HA heartbeat interfaces, those interfaces must be reachable by Layer 2 multicas

  • When configuring an HA pair, pay close attention to the options FortiWeb high availability (HA) and FortiWeb high availability (HA).

    FortiWeb broadcasts ARP/NS packets to the network to ensure timely failover. Delayed broadcast intervals can slow performance. Set the value of FortiWeb high availability (HA) no higher than needed.

    When FortiWeb broadcasts ARP/NS packets, it does so at regular intervals. For performance reasons, set the value for FortiWeb high availability (HA) no greater than required.

    Some experimentation may be needed to set these options at their optimum value. For details, see FortiWeb high availability (HA).

Alerting the SNMP manager when HA switches the primary appliance

Use SNMP to generate a message if the HA heartbeat fails.

Configure an SNMP community and enable the HA heartbeat failed option. For details, see Configuring an SNMP community.
