OSPF Failover with HA A-P
- February 29, 2016
Hello,
I have been working on setting up 2 FortiGate 200D firewalls in Active/Passive HA mode and running OSPF. I have attached an image which shows my current test environment. I have run into an issue where I can get the failover to occur within 3 seconds on either the WAN or LAN, but not both.
I've configured OSPF with the following information:
    firewall1 # show router ospf
    config router ospf
        set router-id 0.0.0.2
        set spf-timers 2 4
        config ospf-interface
            edit "Peering"
                set interface "wan1"
                set ip 10.0.4.2
                set retransmit-interval 1
                set dead-interval 1
                set hello-multiplier 4
            next
        end
        config network
            edit 3
                set prefix 0.0.0.0 0.0.0.0
            next
        end
        config redistribute "connected"
            set status enable
        end
    end
This is the HA configuration:
    firewall1 # show system ha
    config system ha
        set group-name "hagroup"
        set mode a-p
        set hbdev "port15" 50 "port16" 50
        set hb-interval 3
        set hb-lost-threshold 2
        set helo-holddown 5
        set arps 10
        set arps-interval 1
        set session-pickup enable
        set ha-mgmt-status enable
        set ha-mgmt-interface "mgmt"
        set ha-uptime-diff-margin 1
        set override disable
        set monitor "port2" "wan1"
    end
In the case where the OSPF "restart-mode graceful-restart" is enabled, the failover on the WAN side takes between 7 and 11 seconds. The LAN side takes 1-3 seconds. If I disable the restart-mode, these times change. The WAN side takes 1-3 seconds while the LAN side takes 9-11 seconds.
Are there any suggestions that would allow us to use HA with OSPF and lower these failover times?
