High Availability
Link failure threshold and board failover tolerance
FIM module failures
If an FIM module fails, not only will HA recognize this as a module failure it will also give the chassis with the
failed FIM module a much lower traffic bandwidth score. So an FIM module failure would be more likely to cause
an HA failover than a FPM module failover.
Also, the traffic bandwidth score for an FIM module with more connected interfaces would be higher than the
score for an FIM module with fewer connected interfaces. So if a different FIM module failed in each chassis, the
chassis with the functioning FIM module with the most connected data interfaces would have the highest traffic
bandwidth score and would become the primary chassis.
Management link failures
Management connections to a chassis can affect primary chassis selection. If the management connection to
one chassis become disconnected a failover will occur and the chassis that still has management connections will
become the primary chassis.
Link failure threshold and board failover tolerance
The default settings of the link failure threshold and the board failover tolerance result in the default link and
module failure behavior. You can change these settings if you want to modify this behavior. For example, if you
want a failover to occur if an FPM module fails, even if an interface has failed you can increase the board failover
tolerance setting.
Link failure threshold
The link failure threshold determines how many interfaces in a link aggregation interface (LAG) can be lost before
the LAG interface is considered down. The chassis with the most connected LAGs becomes the primary chassis.
if a LAG goes down the cluster will negotiate and may select a new primary chassis. You can use the following
command to change the link failure threshold:
config system ha
set link-failure-threshold <threshold>
end
The threshold range is 0 to 80 and 0 is the default.
A threshold of 0 means that if a single interface in any LAG fails the LAG the considered down. A higher failure
threshold means that more interfaces in a LAG can fail before the LAG is considered down. For example, if the
threshold is set to 1, at least two interfaces will have to fail.
Board failover tolerance
You can use the following command to configure board failover tolerance.
config system ha
set board-failover-tolerance <tolerance>
end
The tolerance range is 0 to 12, and 0 is the default.
FortiGate-7000
Fortinet Technologies Inc.
70