Description
On a HA cluster when Active-Active mode is enabled, there are, sometimes, issues of latency on the Internet access.
This articles explains how to overcome this issue.
Solution
When a HA cluster is on Active-Active mode, the primary FortiGate receives the sessions that are directed to the backup FortiGate and sends it using the backup's interface physical MAC address at the destination MAC address.
There is a command that balances all TCP sessions between the Cluster's Members:
#config system ha
set group-name <Group_Name>
.
set load-balance-all enable
end
This is disabled by default since it increases overhead and may actually reduce performance.
When working in Active-Active Mode on a HA Cluster, the recommendation is to disable this Option:
#config system ha
set group-name <Group_Name>
.
set load-balance-all disable
end
