Managing An Ha Cluster - Fortinet FortiGate FortiGate-5001 Administration Manual

HA

Managing an HA cluster

102
This command has the following results:
• The first connection is processed by the primary unit (priority 0, weight 1)
• The next three connections are processed by the first subordinate unit (priority 1,
weight 3)
• The next three connections are processed by the second subordinate unit (priority
2, weight 3)
The subordinate units process more connections than the primary unit, and both
subordinate units, on average, process the same number of connections.
To switch between load balancing virus scanning sessions and all sessions
By default a FortiGate HA cluster load balances virus scanning sessions among all of
the cluster units. All other traffic is processed by the primary unit. Using the CLI, you
can configure the cluster to load balance all network traffic among all cluster units.
To configure load balancing all communication sessions, enter the command:
config system ha
set load-balance-all enable
end
The configurations of all of the FortiGate units in the cluster are synchronized so that
the FortiGate units can function as a cluster. Because of this synchronization, you
manage the HA cluster instead of managing the individual cluster units. You manage
the cluster by connecting to the web-based manager using any cluster interface
configured for HTTPS administrative access. You can also manage the cluster by
connecting to the CLI using any cluster interface configured for SSH administrative
access.
You can also use SNMP to manage the cluster by configuring a cluster interface for
SNMP administrative access. Using an SNMP manager you can get cluster
configuration information and receive traps. For a list of HA MIB fields, see
fields" on page 113 and
You can change the cluster configuration by connecting to the cluster and changing
the configuration of the primary unit. The cluster automatically synchronizes all
configuration changes to the subordinate units in the cluster as the changes are
made.
The only configuration change that is not synchronized is the FortiGate host name.
You can give each cluster unit a unique host name to help to identify cluster members.
Individual cluster units are also identified by their serial number.
You can use the web-based manager to monitor the status and logs of individual
cluster members. See
"To view and manage logs for individual cluster units" on page
01-28008-0013-20050204
"FortiGate HA traps" on page
"To view the status of each cluster member" on page 103
System Config
"HA MIB
112.
104.
Fortinet Inc.
and