Skip to main content
vishal
vishal
Visitor III
July 5, 2019
Question

Active Active HA

  • July 5, 2019
  • 1 reply
  • 7333 views
Hi Everyone, I'm having an doubt regarding an Active Active HA using FGT 200E. Can anyone help me regarding this. 1) Subordinate Active unit monitored interface need to configure IP address individually or it reflect from Primary Active unit when trigger happen. 2) I'm having 2 heartbeat interface for redundancy so assigning Heartbeat interface a priority affect primary or secondary unit selection during HA setup. Any help will be highly appreciated. Regards, Vishal

    1 reply

    hubertzw
    hubertzw
    New Member
    July 6, 2019
    Once you configure HA on both (if you have 2 device) they sync their config. Primary device will send it to secondary one. You can set different IP on both to allow access via ssh or https. Make sure you understand election process to set the right IP on the correct device. Priority is 3rd parameter to check (default settings) in the HA election process.
    vishal
    vishalAuthor
    Visitor III
    July 7, 2019
    Hubertzw, Thanks for your reply. My query is related to scenerio where I have to run 2 FGT200E in Active Active mode where internal interface from each fortigate connected to 2 Switch running in stacking mode. So what configuration need to do on interfaces of both Fortigate connected to switch in stack as internal to achieve traffic should pass through both unit.
    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    July 7, 2019

    @Vishal:

    1- all settings (except very few, like hostname) are duplicated between cluster members. So, port addresses as well. As you connect both ports (master and slave) to a L2 switch, this isn't a problem. They even have the same virtual MAC address (which in cheap switches may be a problem...).

    2- HBDEV priority isn't about master election. This parameter only distributes heartbeat traffic across multiple HA links (which is a best practice). You influence election by setting "override" and port monitoring. Port monitoring triggers a failover when a monitored port fails. And of course, the monitored port setting is duplicated between cluster members.

    Terms & ConditionsAccessibility statement