Fullmoon
New Member
February 3, 2016
Question

Primary & Secondary Failover


Hello Fellas,

I have 4 AD servers in my network. I installed 2 Collector Agents on my 1st and 2nd AD servers for failover purposes, and the DC agent on the remaining 2 servers.

Is there a way in the FSSO settings or on the AD server so that once the Primary AD goes down, the Secondary will handle the authentication seamlessly in less than a minute?

In my lab, once I disconnected my Primary AD, it took some time before the FortiGate recognized the secondary server.

I was thinking of something similar to WAN link load balancing, where there is a ping server to trigger the failover method.

Any feedback is much appreciated.

BR,


    Fishbone_FTNT
    Staff
    February 3, 2016

    Hello Fullmoon,

    This is a matter of protocol timers, which can't be tuned from the FortiGate/FSSO CA configuration. Could you please let me know how long it takes in your case to fail over to the next FSSO CA, and why that is not fast enough for you?

    Thanks,

    Fishbone

    Fullmoon
    Author
    New Member
    February 4, 2016

    Hi Fishbone,

    Appreciate your inputs.

    Here's the outcome of my re-testing a while ago.

    I double-checked my FSSO Agent/IP status and it was pointing to the Primary AD.

    Both my Primary and Secondary were up and running, with computer 1 and computer 2 continuously pinging both server IPs and yahoo.com. I shut down the Primary server; computer 1 and computer 2 could still browse the internet, but loading of pages took so long. Under FortiGate -> Single Sign On, I checked the FSSO Agent/IP status and it was still pointing to the Primary AD. Based on my observation, it took 3-5 mins before FSSO Agent/IP recognized the Secondary AD server IP.

    BR,

    emnoc
    New Member
    February 4, 2016

    For a quicker failover, do you have any internal SLB, and can you build a virtual server with an LB algorithm and a layer 4 port check?