FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 214928

This article will serve as a guide on how to configure the LACP interface on HA-monitored interfaces when LACP is used for multicast traffic.

Scope FortiGate

Below shows the interfaces that are part of the  LACP configuration.


FGTA-MCAST # diag netlink aggregate name LACPMcastServer

status: up

npu: n

flush: n

asic helper: y

ports: 2

link-up-delay: 50ms

min-links: 1

ha: master

distribution algorithm: L4

LACP mode: static


slave: port3

  index: 0

  link status: up

  link failure count: 0

  permanent MAC addr: 00:0c:29:09:75:6f


slave: port4

  index: 1

  link status: up

  link failure count: 0

  permanent MAC addr: 00:0c:29:09:75:79


- On HA configuration instead of placing the LACP interface, the individual interfaces are configured that is a member of the LACP.


FGTA-MCAST (ha) # show

config system ha

    set group-name "FGT_Multicast"

    set mode a-p

    set password ENC 

    set hbdev "port5" 0

    set ha-mgmt-status enable

    config ha-mgmt-interfaces

        edit 1

            set interface "port1"

            set gateway



    set override enable

    set priority 200

    set monitor "port2" "port3" "port4"



-With this configuration, if failover is triggered from Primary to Secondary FortiGate the multicast traffic will establish without any delay.


 # get sys ha stat

HA Health Status: OK

Model: FortiGate-VM64

Mode: HA A-P

Group: 0

Debug: 0

Cluster Uptime: 0 days 0:30:17

Cluster state change time: 2022-06-17 21:32:28

Primary selected using:<2022/06/17 21:32:28> FGVM04TM22004042 is selected as the primary because it has the largest value of override priority.


-Screenshot of the Multicast traffic when a failover was done.




Note: If the LACP interface itself is used on the HA monitored interfaces, HA monitoring will have a delay when detecting the LACP interface and can cause some delays to establish LACP traffic during a FortiGate HA failover.