Fortinet FortiGate FortiGate-1000A Administration Manual page 100
Fortinet fortigate fortigate-1000a: user guide
Hide thumbs
Also See for FortiGate FortiGate-1000A:
- Install manual (58 pages) ,
- Quick start manual (2 pages) ,
- Administration manual (458 pages)
Table of Contents
Advertisement
HA
100
For best results, isolate each heartbeat device on its own network. Heartbeat packets
contain sensitive information about the cluster configuration. Also, heartbeat packets
may use a considerable amount of network bandwidth and it is preferable to isolate
this traffic from your user networks. The extra bandwidth used by heartbeat packets
could also reduce the capacity of the interface to process network traffic.
For most FortiGate models if you do not change the heartbeat device configuration,
you would isolate the HA interfaces of all of the cluster units by connecting them all to
the same switch. If the cluster consists of two FortiGate units you can connect the
heartbeat device interfaces directly using a crossover cable.
HA heartbeat and data traffic are supported on the same FortiGate interface. In
NAT/Route mode, if you decide to use the heartbeat device interfaces for processing
network traffic or for a management connection, you can assign the interface any IP
address. This IP address does not affect the heartbeat traffic.
In Transparent mode, you can connect the interface to your network and enable
management access. You would then establish a management connection to the
interface using the Transparent mode management IP address.
Monitor priorities
Enable or disable monitoring a FortiGate interface to verify that the interface is
functioning properly and connected to its network. If a monitored interface fails or is
disconnected from its network the interface leaves the cluster. The cluster reroutes the
traffic being processed by that interface to the same interface of another cluster unit
that still has a connection to the network. This other cluster unit becomes the new
primary cluster unit.
If you can re-establish traffic flow through the interface (for example, if you re-connect
a disconnected network cable) the interface rejoins the cluster. If Override Master is
enabled for this FortiGate unit (see
becomes the primary unit in the cluster again.
Note: Only monitor interfaces that are connected to networks.
Note: You can monitor physical interfaces, but not VLAN subinterfaces.
Increase the priority of interfaces connected to higher priority networks or networks
with more traffic. The monitor priority range is 0 to 512.
If a high priority interface on the primary unit fails, one of the other cluster units
becomes the new primary unit to provide better service to the high priority network.
If a low priority interface fails on one cluster unit and a high priority interface fails on
another cluster unit, a unit in the cluster with a working connection to the high priority
interface would, if it becomes necessary to negotiate a new primary unit, be selected
instead of a unit with a working connection to the low priority interface.
•
Configuring an HA cluster
•
Managing an HA cluster
01-28011-0254-20051115
"Override Master" on page
System Config
97), this FortiGate unit
Fortinet Inc.
Advertisement
Table of Contents
