System config
HA
FortiGate-300A Administration Guide
01-28006-0092-20041105
85
FortiGate units can be configured to operate in active-passive (A-P) or active-active
(A-A) HA mode. Active-active and active-passive clusters can run in either NAT/Route
or Transparent mode.
An active-passive (A-P) HA cluster, also referred to as hot standby HA, consists of a
primary FortiGate unit that processes traffic, and one or more subordinate FortiGate
units. The subordinate FortiGate units are connected to the network and to the
primary FortiGate unit but do not process traffic.
Active-active (A-A) HA load balances network traffic all the FortiGate units in the
cluster. An active-active HA cluster consists of a primary FortiGate unit that processes
traffic and one or more subordinate units that also process traffic. The primary
FortiGate unit uses a load balancing algorithm to distribute virus scanning to all the
FortiGate units in the HA cluster.
By default the FortiGate unit load balances virus scanning among all of the FortiGate
units in the cluster. Using the CLI, you can configure the FortiGate unit to load balance
all network traffic among the FortiGate units in the cluster. See the
FortiGate CLI
Reference Guide
for more information.
•
HA configuration
•
Configuring an HA cluster
•
Managing an HA cluster
For more information about FortiGate HA and the FGCP, see the
FortiGate High
Availability Guide
.
HA configuration
Go to
System > Config > HA
and use the options described below to configure HA.
Link failover
If one of the links to a FortiGate unit in an HA cluster fails, all functions, all
established firewall connections, and all IPSec VPN sessions
a
are maintained
by the other FortiGate units in the HA cluster. For information about link
failover, see
“Monitor priorities” on page 90
.
a.HA does not provide session failover for PPPoE, DHCP, PPTP, and L2TP services.
Device failover
If one of the FortiGate units in an HA cluster fails, all functions, all established
firewall connections, and all IPSec VPN sessions are maintained by the other
FortiGate units in the HA cluster.
HA heartbeat
failover
You can configure multiple interfaces to be HA heartbeat devices. If an
interface functioning as an HA heartbeat device fails, the HA heartbeat is
transferred to another interface also configured as an HA heartbeat device.
Summary of Contents for FortiGate FortiGate-300A
Page 46: ...46 01 28006 0092 20041105 Fortinet Inc Changing the FortiGate firmware System status ...
Page 72: ...72 01 28006 0092 20041105 Fortinet Inc FortiGate IPv6 support System network ...
Page 80: ...80 01 28006 0092 20041105 Fortinet Inc Dynamic IP System DHCP ...
Page 110: ...110 01 28006 0092 20041105 Fortinet Inc FortiManager System config ...
Page 116: ...116 01 28006 0092 20041105 Fortinet Inc Access profiles System administration ...
Page 246: ...246 01 28006 0092 20041105 Fortinet Inc CLI configuration Users and authentication ...
Page 322: ...322 01 28006 0092 20041105 Fortinet Inc CLI configuration Antivirus ...
Page 370: ...370 01 28006 0092 20041105 Fortinet Inc CLI configuration Log Report ...
Page 384: ...384 01 28006 0092 20041105 Fortinet Inc Glossary ...
Page 392: ...392 01 28006 0092 20041105 Fortinet Inc Index ...