Skip to main content
redhat9
redhat9
New Member
January 15, 2021
Question

Choice between active/active and active/passive mode FORTIGATE 50E

  • January 15, 2021
  • 1 reply
  • 8843 views

Hi, i have setup active active cluster fortigate 50E but ha is out of sync.

 

i found a littleexplanatin to setup this cluster in coobook but it's not a complete tutorial and it's my first time with cluster fortinet.

 

can you explain me in details how to setup active/active cluster and i want to know if it's respond to my need in fact or perhaps active/passive is more adapt to my needs.

 

Regards

    1 reply

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    January 16, 2021

    Cluster not synchronizing has nothing to do with the HA mode.

    For debugging use the CLI and these instructions from the kb.fortinet.com:

    "Technical Note: Troubleshooting a checksum mismatch in a FortiGate HA cluster"

     - in newer versions of FortiOS, the command is "diag sys ha check clu [|global|root]"

     

    Comparing the list of CRCs of each config category will show you where the difference in config is. Compare the config files from master and slave for this section and correct it.

     

    "diag sys ha checksum recalc" will sometimes help as well.

     

    For the HA mode, my feeling is that 90% of all clusters run in a-p mode because the benefits of a-a are not crucial or needed then. Less resources, less HA traffic, not so much less throughput (which would be the strongest argument pro a-a mode).

    redhat9
    redhat9Author
    New Member
    January 16, 2021
    Hello. Thanks a lot for your reply. I talk with my collegue and we need just ha activé passive. I have to go to datacenter to setup. Regards.
    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    January 16, 2021

    you'll see it's not a big deal to change the mode. Would you please report if it caused a reboot? Not sure about it.

    Terms & ConditionsAccessibility statement