Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiWeb 7.6.1 Administration Guide
    7.6.1
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.10
    7.0.9
    7.0.8
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0
    5.6.0

    Enhanced support for deploying high volume active-active HA with a load balancer (7.6.1)

    Enhanced support for deploying high volume active-active HA with a load balancer (7.6.1)

    Previously, in the high-volume active-active mode, multiple virtual IPs (VIP) are assigned to each member with different priority levels. In this configuration, traffic for a specific virtual IP is only directed to the member that has set this virtual IP with the highest priority. If that member becomes unavailable, the traffic will automatically reroute to other members configured with that virtual IP, ensuring continuous service and load distribution among the remaining members. This is called the "Single" mode high volume active-active HA, which means that each member has only one primarily VIP.

    In the example below, traffic to VIP 2 is primarily directed to FortiWeb B. If FortiWeb B becomes unavailable, traffic to VIP 2 will be automatically rerouted to FortiWeb A or C, ensuring continuity of service.

    Starting from version 7.6.1, we have introduced the "all" mode for high-volume active-active HA. In this mode, the virtual IPs (VIPs) assigned to each member do not have differing priority levels. Instead, traffic to any VIP can be processed equally by all members in the HA group.

    As shown in the following table, VIP 1, VIP 2, and VIP 3 are active on all members, allowing every FortiWeb instance to handle requests for each VIP. The traffic distribution across the members is managed by the load balancer deployed in front of the FortiWeb cluster, ensuring balanced traffic processing without reliance on priority levels.

    You can run the following command to switch between "single" and "all" modes.

    config system ha

    set mode active-active-high-volume

    set distribution {single | all}

    end

    This configuration is available only in the CLI and is not accessible through the GUI.

    By default, "all" mode is used for FortiWeb-VM HA on public cloud platforms (e.g., AWS, Azure) and on KVM with the UDP tunnel network type, as it is common to deploy a load balancer in front of FortiWeb in these environments. For other platforms and hardware FortiWeb devices, the default high-volume active-active HA mode is set to "single" mode.

    In "all" mode for high-volume active-active HA, traffic is managed by the load balancer. Therefore, the "Node Allocation" and "Traffic Distribution" tabs are not available when high-volume active-active HA is set to "all" mode, as traffic distribution is entirely handled by the load balancer.

    For more information, see Configuring HA settings specifically for high volume active-active mode.

    Previous
    Next

    Enhanced support for deploying high volume active-active HA with a load balancer (7.6.1)

    Enhanced support for deploying high volume active-active HA with a load balancer (7.6.1)

    Previously, in the high-volume active-active mode, multiple virtual IPs (VIP) are assigned to each member with different priority levels. In this configuration, traffic for a specific virtual IP is only directed to the member that has set this virtual IP with the highest priority. If that member becomes unavailable, the traffic will automatically reroute to other members configured with that virtual IP, ensuring continuous service and load distribution among the remaining members. This is called the "Single" mode high volume active-active HA, which means that each member has only one primarily VIP.

    In the example below, traffic to VIP 2 is primarily directed to FortiWeb B. If FortiWeb B becomes unavailable, traffic to VIP 2 will be automatically rerouted to FortiWeb A or C, ensuring continuity of service.

    Starting from version 7.6.1, we have introduced the "all" mode for high-volume active-active HA. In this mode, the virtual IPs (VIPs) assigned to each member do not have differing priority levels. Instead, traffic to any VIP can be processed equally by all members in the HA group.

    As shown in the following table, VIP 1, VIP 2, and VIP 3 are active on all members, allowing every FortiWeb instance to handle requests for each VIP. The traffic distribution across the members is managed by the load balancer deployed in front of the FortiWeb cluster, ensuring balanced traffic processing without reliance on priority levels.

    You can run the following command to switch between "single" and "all" modes.

    config system ha

    set mode active-active-high-volume

    set distribution {single | all}

    end

    This configuration is available only in the CLI and is not accessible through the GUI.

    By default, "all" mode is used for FortiWeb-VM HA on public cloud platforms (e.g., AWS, Azure) and on KVM with the UDP tunnel network type, as it is common to deploy a load balancer in front of FortiWeb in these environments. For other platforms and hardware FortiWeb devices, the default high-volume active-active HA mode is set to "single" mode.

    In "all" mode for high-volume active-active HA, traffic is managed by the load balancer. Therefore, the "Node Allocation" and "Traffic Distribution" tabs are not available when high-volume active-active HA is set to "all" mode, as traffic distribution is entirely handled by the load balancer.

    For more information, see Configuring HA settings specifically for high volume active-active mode.

    Previous
    Next