94
01-28006-0068-20041105
Fortinet Inc.
Managing an HA cluster
System config
To configure weighted-round-robin weights
By default, in active-active HA mode the weighted round-robin schedule assigns the
same weight to each FortiGate unit in the cluster. If you configure a cluster to use the
weighted round-robin schedule, from the CLI you can use
config system ha
weight
to configure a weight value for each cluster unit. The weight value sets the
maximum number of connections that are sent to a cluster unit before a connection
can be sent to the next cluster unit. You can set weight values to control the number of
connections processed by each cluster unit. For example, you might want to reduce
the number of connections processed by the primary cluster unit by increasing the
weight assigned to the subordinate cluster units.
Weight values are entered as two values; the priority order of the unit in the cluster (in
the range 0 to 31) followed by its weight (also in the range 0 to 31). For example, if you
have a cluster of three FortiGate units, you can enter the following command to
configure the weight values for each unit:
config system ha
set ha weight 0 1 1 3 2 3
end
This command has the following results:
• The first connection is processed by the primary unit (priority 0, weight 1)
• The next three connections are processed by the first subordinate unit (priority 1,
weight 3)
• The next three connections are processed by the second subordinate unit (priority
2, weight 3)
The subordinate units process more connections than the primary unit, and both
subordinate units, on average, process the same number of connections.
Managing an HA cluster
The configurations of all of the FortiGate units in the cluster are synchronized so that
the FortiGate units can function as a cluster. Because of this synchronization, you
manage the HA cluster instead of managing the individual FortiGate units in the
cluster. You manage the cluster by connecting to the web-based manager using any
cluster interface configured for HTTPS administrative access. You can also manage
the cluster by connecting to the CLI using any cluster interface configured for SSH
administrative access.
You can also use SNMP to manage the cluster by configuring a cluster interface for
SNMP administrative access. Using an SNMP manager you can get cluster
configuration information and receive traps. For a list of HA MIB fields, see
“HA MIB
fields” on page 104
and
“FortiGate HA traps” on page 103
.
You can change the cluster configuration by connecting to the cluster and changing
the configuration of the primary FortiGate unit. The cluster automatically synchronizes
all configuration changes to the subordinate units in the cluster as the changes are
made.
The only configuration change that is not synchronized is the FortiGate host name.
You can give each cluster unit a unique host name to help to identify cluster members.
Summary of Contents for FortiGate FortiGate-100A
Page 24: ...24 01 28006 0068 20041105 Fortinet Inc FortiLog documentation Introduction...
Page 72: ...72 01 28006 0068 20041105 Fortinet Inc Transparent mode VLAN settings System network...
Page 80: ...80 01 28006 0068 20041105 Fortinet Inc DHCP IP MAC binding settings System DHCP...
Page 114: ...114 01 28006 0068 20041105 Fortinet Inc Access profile options System administration...
Page 232: ...232 01 28006 0068 20041105 Fortinet Inc CLI configuration Firewall...
Page 244: ...244 01 28006 0068 20041105 Fortinet Inc peergrp Users and authentication...
Page 320: ...320 01 28006 0068 20041105 Fortinet Inc service smtp Antivirus...
Page 366: ...366 01 28006 0068 20041105 Fortinet Inc syslogd setting Log Report...
Page 380: ...380 01 28006 0068 20041105 Fortinet Inc Glossary...
Page 388: ...388 01 28006 0068 20041105 Fortinet Inc Index...