Fortinet FortiGate FortiGate-5001 Administration Manual page 97

Fortigate 5000 series

System Config
FortiGate-5000 series Administration Guide
Table 5: Default heartbeat device configuration

FortiGate model    Default heartbeat device    Default priority
FortiGate-5000     Port 9                      50
                   Port 10                     100

By default a FortiGate-5000 HA cluster uses Port 9 and Port 10 for heartbeat
communication. Port 9 and Port 10 are not visible on the FortiGate-5000 faceplate or
on the web-based manager, but they are visible on the CLI. You can use the CLI to
view and change the heartbeat priority configuration for Port 9 and Port 10. You can
use the web-based manager or the CLI to set the heartbeat priority for other
interfaces.

Change the heartbeat device priorities as required to control the interface that is used
for heartbeat traffic and the interface to which heartbeat traffic reverts if the interface
with the highest heartbeat priority fails or is disconnected.

Setting the heartbeat priority for more interfaces increases the reliability of the cluster.
To optimize bandwidth use, you can route most heartbeat traffic to interfaces that
handle less network traffic. You can also create a failover path by setting heartbeat
priorities so that you can control the order in which interfaces are used for heartbeat
traffic.

Heartbeat device IP addresses

You do not need to assign IP addresses to heartbeat device interfaces for them to be
able to process heartbeat packets. The cluster assigns virtual IP addresses to the
heartbeat device interfaces. The primary cluster unit heartbeat device interface is
assigned the IP address 10.0.0.1 and the subordinate unit heartbeat device interface
is assigned the IP address 10.0.0.2. A third cluster unit would be assigned the IP
address 10.0.0.3 and so on.

For best results, isolate each heartbeat device on its own network. Heartbeat packets
contain sensitive information about the cluster configuration. Also, heartbeat packets
may use a considerable amount of network bandwidth, and it is preferable to isolate
this traffic from your user networks. The extra bandwidth used by heartbeat packets
could also reduce the capacity of the interface to process network traffic.

For most FortiGate models, if you do not change the heartbeat device configuration,
you would isolate the HA interfaces of all of the cluster units by connecting them all to
the same switch. If the cluster consists of two FortiGate units, you can connect the
heartbeat device interfaces directly using a crossover cable.

HA heartbeat and data traffic are supported on the same FortiGate interface. In
NAT/Route mode, if you decide to use the heartbeat device interfaces for processing
network traffic or for a management connection, you can assign the interface any IP
address. This IP address does not affect the heartbeat traffic.

In Transparent mode, you can connect the interface to your network and enable
management access. You would then establish a management connection to the
interface using the Transparent mode management IP address.
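
The following Python sketch is an added example, not part of the Fortinet manual or FortiOS. It models the failover order implied by heartbeat priorities and flags heartbeat devices on one cluster unit that are not isolated on their own network. The inventory format, the segment labels, the use of priority 0 for "not a heartbeat device", and the reading of the numerically largest priority as the highest are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class HbInterface:
    name: str
    priority: int       # heartbeat priority; 0 = not a heartbeat device (assumption)
    segment: str        # label of the network the port is cabled to (hypothetical)
    carries_data: bool  # also processes user traffic or management access

# Constructed inventory for one cluster unit; port9/port10 use the Table 5 defaults.
INVENTORY = [
    HbInterface("port9", 50, "hb-a", False),
    HbInterface("port10", 100, "hb-b", False),
    HbInterface("port1", 20, "users", True),
    HbInterface("port2", 0, "users", True),
]

def failover_order(ifaces):
    """Heartbeat devices, most preferred first (assumes larger value = higher priority)."""
    hb = [i for i in ifaces if i.priority > 0]
    return [i.name for i in sorted(hb, key=lambda i: i.priority, reverse=True)]

def active_heartbeat(ifaces, link_down=()):
    """First device in failover order whose link is still up, or None."""
    for name in failover_order(ifaces):
        if name not in link_down:
            return name
    return None

def isolation_findings(ifaces):
    """Flag heartbeat devices that are not isolated on their own network."""
    findings = []
    hb = [i for i in ifaces if i.priority > 0]
    for i in hb:
        if i.carries_data:
            findings.append((i.name, "heartbeat shares the interface with data or management traffic"))
        others = [o.name for o in ifaces if o.segment == i.segment and o.name != i.name]
        if others:
            findings.append((i.name, f"segment {i.segment!r} is shared with {', '.join(others)}"))
    if len(hb) < 2:
        findings.append(("cluster", "only one heartbeat device, no failover path"))
    return findings

if __name__ == "__main__":
    print("failover order:", failover_order(INVENTORY))
    print("active with port10 down:", active_heartbeat(INVENTORY, {"port10"}))
    for name, issue in isolation_findings(INVENTORY):
        print(f"{name}: {issue}")
```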
01-28008-0013-20050204
