Description |
This article describes how to fix a FortiAuthenticator HA cluster that forms over VXLAN over IPsec but is not stable. |
Scope |
FortiAuthenticator. |
Solution |
The setup is a FortiAuthenticator HA cluster running over VXLAN over an IPsec VPN tunnel. The two FortiAuthenticators are located at different sites.
VXLAN over IPsec is configured on both FortiGates (see Technical Tip: VXLAN over IPsec for multiple VLANs using software switch) to establish layer 2 connectivity between both sites and build the FortiAuthenticator HA cluster.
The FortiAuthenticator HA cluster formed but was not stable when using the default Heartbeat interval (10) and Heartbeat lost threshold (6) values.
The issue was resolved by increasing the Heartbeat interval to 20 and the Heartbeat lost threshold to 60.
The FortiAuthenticator HA cluster is now stable.
If the latency of the VXLAN over IPsec link is high, consider increasing the Heartbeat interval and Heartbeat lost threshold values to stabilize the cluster.
The FortiAuthenticator firmware version should be v6.1.1 and above or v6.2.0 and above to have the Heartbeat interval and Heartbeat lost threshold adjustment feature available. |