Fortinet FortiGate FortiGate-3000 Installation Manual page 48

Configuring FortiGate units for HA operation
48
Table 10: High availability settings (Continued)
The group ID range is from 0 to 63. All members of the HA cluster must have the
same group ID.
When the FortiGate units in the cluster are switched to HA mode, all of the
interfaces of all of the units in the cluster get the same virtual MAC address. This
virtual MAC address is set according to the group ID.
Group ID
0
Group ID
1
2
...
63
If you have more than one HA cluster on the same network, each cluster should
have a different group ID. If two clusters on the same network have same group ID,
the duplicate MAC addresses cause addressing conflicts on the network.
The unit with the highest priority becomes the primary unit in the cluster. The unit
priority range is 0 to 255. The default unit priority is 128.
Unit
Set the unit priority to a higher value if you want the FortiGate unit to be the primary
priority cluster unit. Set the unit priority to a lower value if you want the FortiGate unit to be
a subordinate unit in the cluster. If all units have the same priority, the FortiGate
unit with the highest serial number becomes the primary cluster unit.
Override You can configure a FortiGate unit to always become the primary unit in the cluster
by giving it a high priority and by selecting Override master.
Master
The schedule controls load balancing among the FortiGate units in the active-
active HA cluster. The schedule must be the same for all units in the cluster.
None
Hub
Least
Connection
Round Robin
Weighted
Round Robin
Schedule
Random
IP
IP Port
01-28005-0026-20041101
MAC Address
00-09-0f-06-ff-00
00-09-0f-06-ff-01
00-09-0f-06-ff-02
...
00-09-0f-06-ff-3f
No load balancing. Select None when the cluster interfaces are
connected to load balancing switches.
Load balancing for hubs. Select Hub if the cluster interfaces are
connected to a hub. Traffic is distributed to units in a cluster
based on the Source IP and Destination IP of the packet.
Least connection load balancing. If the FortiGate units are
connected using switches, select Least connection to distribute
traffic to the cluster unit with the fewest concurrent connections.
Round robin load balancing. If the FortiGate units are connected
using switches, select round robin to distribute traffic to the next
available cluster unit.
Weighted round robin load balancing. Similar to round robin, but
weighted values are assigned to each of the units in a cluster
based on their capacity and on how many connections they are
currently processing. For example, the primary unit should have a
lower weighted value because it handles scheduling and forwards
traffic. Weighted round robin distributes traffic more evenly
because units that are not processing traffic will be more likely to
receive new connections than units that are very busy.
Random load balancing. If the FortiGate units are connected
using switches, select random to randomly distribute traffic to
cluster units.
Load balancing according to IP address. If the FortiGate units are
connected using switches, select IP to distribute traffic to units in
a cluster based on the Source IP and Destination IP of the
packet.
Load balancing according to IP address and port. If the FortiGate
units are connected using switches, select IP Port to distribute
traffic to units in a cluster based on the Source IP, Source Port,
Destination IP, and Destination port of the packet.
High availability installation
Fortinet Inc.