Skip to main content
osaleem2_10
osaleem2_10
Explorer III
September 2, 2025
Solved

Fortigate HA active passive

  • September 2, 2025
  • 2 replies
  • 572 views

Hi,

 

I have 2 Q regarding to Fortigate A/P.

 

Now I have my 901 FG with a dedicated port for HA. I will make this port for Heartbeat. And I do have 2 fiber links as well for HA with normal ports. Is the best practice to keep the HA default port for heartbeat sync, and use the 2 extra fiber ports for session sync only?

 

Or there is no way to segregate between heartbeat and session synchronization, so I have to keep all of them in the heartbeat option?

 

The second question is, I have enabled the HA with no license on my firewalls when I want to add the license for my firewalls. Is the correct way to remove HA back to standalone mode and then enable the license on each box and return to A/P mode?

 

thanks

 

Best answer by alyxjame

Yes, the 7.4.8 Admin Guide explains this under the “Using multiple FortiGate interfaces for session synchronization” section. You can find the details in the Improving session sync performance documentation.

2 replies

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
September 2, 2025

Yes, at least 7.4.8 admin guide described it below under "Using multiple FortiGate interfaces for session synchronization" section.

https://docs.fortinet.com/document/fortigate/7.4.8/administration-guide/269278/improving-session-sync-performance

Toshi

alyxjame
alyxjameAnswer
New Member
September 3, 2025

Yes, the 7.4.8 Admin Guide explains this under the “Using multiple FortiGate interfaces for session synchronization” section. You can find the details in the Improving session sync performance documentation.

Terms & ConditionsAccessibility statement