FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 293570
Description This article describes the External Threat connector behavior when High Availablity.
Scope FortiGate.

When the External Threat connector is configured in High Availability, the primary unit has access to the resource's primary status and will always be UP. The secondary unit status will be DOWN.



When having HA in Active-Passive, only the Active node manages connectivity to external resources, and self-originating traffic (DNS, Updates, External resources, etc).

This means that if there is a failover and a change of roles, it will display the same behavior, but with roles changed. The secondary member (now active) will have connectivity, and the primary member (now passive) will not have connectivity. In HA Active-Active is different. This is what can be seen: both members are connected to these services.


This is the expected behavior.