FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sferreira
Staff
Staff

Description
On a HA cluster when Active-Active mode is enabled, there are, sometimes, issues of latency on the Internet access.
This articles explains how to overcome this issue.

Solution

When a HA cluster is on Active-Active mode, the primary FortiGate receives the sessions that are directed to the backup FortiGate and sends it using the backup's interface physical MAC address at the destination MAC address.
 
There is a command that balances all TCP sessions between the Cluster's Members:
#config system ha
set group-name <Group_Name>
.
set load-balance-all enable
end
This is disabled by default since it increases overhead and may actually reduce performance.
When working in Active-Active Mode on a HA Cluster, the recommendation is to disable this Option:
#config system ha
set group-name <Group_Name>
.
set load-balance-all disable
end



 

 

Contributors